Bill Text: CA AB499 | 2019-2020 | Regular Session | Amended
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Personal information: social security numbers: state agencies.
Spectrum: Bipartisan Bill
Status: (Passed) 2020-09-25 - Chaptered by Secretary of State - Chapter 155, Statutes of 2020. [AB499 Detail]
Download: California-2019-AB499-Amended.html
Bill Title: Personal information: social security numbers: state agencies.
Spectrum: Bipartisan Bill
Status: (Passed) 2020-09-25 - Chaptered by Secretary of State - Chapter 155, Statutes of 2020. [AB499 Detail]
Download: California-2019-AB499-Amended.html
|
Amended
IN
Senate
July 31, 2020 |
|
Amended
IN
Senate
July 08, 2020 |
|
Amended
IN
Assembly
January 15, 2020 |
|
Amended
IN
Assembly
April 11, 2019 |
CALIFORNIA LEGISLATURE—
2019–2020 REGULAR SESSION
Assembly Bill
No. 499
| Introduced by Assembly Member Mayes (Coauthor: Assembly Member Voepel) |
February 13, 2019 |
An act to amend Section 11019.7 of the Government Code, relating to state government.
LEGISLATIVE COUNSEL'S DIGEST
AB 499, as amended, Mayes.
Personal information: social security numbers: state agencies.
Existing law prohibits a state agency from sending any outgoing United States mail to an individual that contains personal information about that individual, including, but not limited to, the individual’s social security number, telephone number, driver’s license number, or credit card account number, unless that personal information is contained within sealed correspondence and cannot be viewed from the outside of that sealed correspondence.
This bill would prohibit a state agency from sending any outgoing United States mail that contains an individual’s social security number unless the number is truncated to its last 4 digits or in specified circumstances, including when federal law requires inclusion of the social security number or when documents are mailed to a current or prospective state employee. The bill would require each state
agency that mails a an individual’s full or truncated part of a social security number to that individual to report to the Legislature, on or before September 1, 2021, regarding when and why it does so. The bill would require a state agency that, in its own estimation, is unable to comply with the restrictions on mailing social security numbers that have not been truncated to submit an annual corrective action plan to the Legislature until it is in compliance. The bill would make the reports, action plans, and related correspondence confidential and would prohibit their public disclosure. The bill would require a state agency that is not in compliance with the restrictions on mailing social security numbers that
have not been truncated to offer to provide appropriate identity theft prevention and mitigation services to any individual, at no cost to the individual, to whom it sent outgoing United States mail that contained the individual’s full social security number, as specified.
Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.
This bill would make legislative findings to that effect.
Digest Key
Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NOBill Text
The people of the State of California do enact as follows:
SECTION 1.
Section 11019.7 of the Government Code is amended to read:11019.7.
(a) A state agency shall not send any outgoing United States mail to an individual that contains personal information about that individual, including, but not limited to, the individual’s social security number, telephone number, driver’s license number, or credit card account number, unless that personal information is contained within sealed correspondence and cannot be viewed from the outside of that sealed correspondence.(b) (1) Notwithstanding any other law, commencing on or before January 1, 2023, a state agency shall not send any outgoing United States mail to an individual that contains the individual’s social security
number unless the number is truncated to its last four digits, except in the following circumstances:
(A) Federal law requires inclusion of the social security number.
(B) The documents are mailed to a current or prospective state employee.
(C) An individual erroneously mailed a document containing a social security number to a state agency, and the state agency is returning the original document by certified or registered United States mail.
(D) The Controller is returning documents to an individual previously submitted by the individual pursuant to Chapter 7 (commencing with Section 1500) of Title 10 of Part 3 of the Code of Civil
Procedure.
(2) (A) On or before September 1, 2021, each state agency that mails a an individual’s full or truncated part of a social security number to that individual shall report to the Legislature regarding when and why it does so.
(B) A state agency that, in its own estimation, is unable to comply with the requirement of paragraph (1) of this subdivision shall submit an annual corrective action plan to the Legislature until it is in compliance with that paragraph.
(C) A report or corrective action plan required by this paragraph, and communications made in connection with these documents that bear on what mailings do and do not contain an individual’s social security number, are confidential and shall not be disclosed to the public pursuant to any state law, including, but not limited to, the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1 of the Government Code).
(3) A state agency that is not in compliance with paragraph (1) shall offer to provide appropriate identity theft prevention and mitigation services for not less than 12 months to any individual, at no cost to the individual, to whom it sent outgoing United States mail that contained the individual’s full social security number, along
with all information necessary to take advantage of the offer.
(4) (A) The requirement for submitting a report imposed under subparagraph (A) of paragraph (2) is inoperative on January 1, 2024, pursuant to Section 10231.5 of the Government Code.
(B) A report to be submitted pursuant to subparagraph (A) or (B) of paragraph (2) shall be submitted in compliance with Section 9795 of the Government Code.
(c) “Outgoing United States mail” for the purposes of this section includes correspondence sent via a common carrier, including, but not limited to, a package express service and a courier service.
(d) Notwithstanding
subdivision (a) of Section 11000, “state agency” includes the California State University.
SEC. 2.
The Legislature finds and declares that Section 1 of this act, which amends Section 11019.7 of the Government Code, imposes a limitation on the public’s right of access to the meetings of public bodies or the writings of public officials and agencies within the meaning of Section 3 of Article I of the California Constitution. Pursuant to that constitutional provision, the Legislature makes the following findings to demonstrate the interest protected by this limitation and the need for protecting that interest:By preventing public disclosure of the reports and corrective action plans of state entities that mail social security numbers to individuals,
as well as communications related to these documents, this act limits the ability of identity thieves to target mail for theft and so promotes public safety.
