Bill Text: CA SB741 | 2015-2016 | Regular Session | Amended
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Mobile communications: privacy.
Spectrum: Slight Partisan Bill (Democrat 2-1)
Status: (Passed) 2015-10-08 - Chaptered by Secretary of State. Chapter 659, Statutes of 2015. [SB741 Detail]
Download: California-2015-SB741-Amended.html
Bill Title: Mobile communications: privacy.
Spectrum: Slight Partisan Bill (Democrat 2-1)
Status: (Passed) 2015-10-08 - Chaptered by Secretary of State. Chapter 659, Statutes of 2015. [SB741 Detail]
Download: California-2015-SB741-Amended.html
BILL NUMBER: SB 741 AMENDED
BILL TEXT
AMENDED IN SENATE MAY 19, 2015
INTRODUCED BY Senator Hill
( Coauthors: Senators
Anderson and Leno )
FEBRUARY 27, 2015
An act to add Article 11 (commencing with Section 53166) to
Chapter 1 of Part 1 of Division 2 of Title 5 of the Government Code,
relating to communications.
LEGISLATIVE COUNSEL'S DIGEST
SB 741, as amended, Hill. Mobile communications: privacy.
Existing law makes it a crime to manufacture, assemble, sell,
advertise for sale, possess, transport, import, or furnish to another
an a device that is primarily or
exclusively designed or intended for eavesdropping upon the
communication of another, or any device that is primarily or
exclusively designed or intended for the unauthorized interception of
reception of communications between a cellular radio telephone, as
defined, and a landline telephone or other cellular radio telephone.
Existing law additionally makes it a crime to purchase, sell, offer
to purchase or sell, or conspire to purchase or sell, any telephone
calling pattern record or list, without the written consent of the
subscriber, or to procure, obtain, attempt to obtain, or conspire to
obtain, any calling pattern record or list through fraud or deceit.
Existing law contains certain exemptions from these crimes for law
enforcement agencies.
This bill would require every local agency that operates
cellular communications interception technology, as defined, to (1)
ensure that information and data gathered through use of that
technology is protected with reasonable operational, administrative,
te chnical, and physical safeguards to ensure its
confidentiality and integrity, (2) implement and maintain reasonable
security procedures and practices in order to protect information and
data gathered through use of the technology from unauthorized
access, destruction, use, modification, or disclosure, and (3)
implement and maintain a usage and privacy policy, as specified, to
ensure that the collection, use, maintenance, sharing, and
dissemination of information and data gathered through use of the
technology is consistent with respect for an individual's privacy and
civil liberties. The bill would prohibit a local agency from
acquiring or using cellular communications interception technology
, as defined, unless that acquisition or use is
approved by a resolution or ordinance adopted by its legislature body
at a regularly scheduled public meeting of the legislative body at
which members of the public are afforded a reasonable opportunity to
comment. The bill would require that the resolution or ordinance set
forth the policies of the local agency as to authorized uses
of cellular communications interception technology, and as to the
use, protection from unauthorized disclosure, and disposal of data
obtained through that technology. If described above
in (1), (2), and (3). The bill would require that the local agency
make the usage and privacy policy available in writing and
if the local agency maintains an Internet Web site,
the bill would require the agency to conspicuously post
these the usage and privacy policies on
that site. The bill would, in addition to any other
sanctions, penalties, or remedies provided by law, authorize an
individual who has been harmed by a violation of these provisions to
bring a civil action in any court of competent jurisdiction against a
person who knowingly caused that violation.
Vote: majority. Appropriation: no. Fiscal committee: no.
State-mandated local program: no.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Article 11 (commencing with Section 53166) is added to
Chapter 1 of Part 1 of Division 2 of Title 5 of the Government Code,
to read:
Article 11. Cellular Communications Interception
53166. (a) For purposes of this article, the following terms have
the following meanings:
(1) "Cellular communications interception technology" means any
device that intercepts mobile telephony calling information or
content, including an international mobile subscriber identity
catcher or other virtual base transceiver station that masquerades as
a cellular station and logs mobile telephony calling information.
(2) "Local agency" means any city, county, city and county,
special district, authority, community redevelopment agency, or other
political subdivision of the state, and includes every county
sheriff and city police department.
(b) Every local agency that operates cellular communications
interception technology shall do all of the following:
(1) Ensure that information and data gathered through the use of
cellular communications interception technology is protected with
reasonable operational, administrative, technical, and physical
safeguards to ensure its confidentiality and integrity.
(2) Implement and maintain reasonable security procedures and
practices in order to protect information and data gathered through
the use of cellular communications interception technology from
unauthorized access, destruction, use, modification, or disclosure.
(3) Implement and maintain a usage and privacy policy in order to
ensure that the collection, use, maintenance, sharing, and
dissemination of information and data gathered through the use of
cellular communications interception technology is consistent with
respect for an individual's privacy and civil liberties. This usage
and privacy policy shall be available in writing, and, if the local
agency has an Internet Web site, the usage and privacy policy shall
be posted conspicuously on that Internet Web site. The usage and
privacy policy shall, at a minimum, include all of the following:
(A) The authorized purposes for using cellular communications
interception technology and for collecting information or data using
that technology.
(B) A description of the employees who are authorized to use, or
access information or data collected through the use of, cellular
communications interception technology. The policy shall identify the
training requirements necessary for those authorized employees.
(C) A description of how the use of cellular communications
interception technology will be monitored to ensure compliance with
all applicable privacy laws and a process for periodic system audits.
(D) A description of reasonable measures that will be used to
ensure the accuracy of information or data gathered through the use
of cellular communications interception technology and a process to
correct errors.
(E) A description of how the local agency will comply with the
security procedures and practices implemented and maintained pursuant
to paragraph (2).
(F) The length of time information or data gathered through the
use of cellular communications interception technology will be stored
or retained, and the process the local agency will utilize to
determine if and when to destroy stored or retained information or
data.
(G) The official custodian, or owner, of information or data
gathered through the use of cellular communications interception
technology and which employees have the responsibility and
accountability for implementing this subdivision.
(H) The purpose of, and process for, sharing or disseminating
information or data gathered through the use of cellular
communications interception technology with other persons. The policy
shall also identify how the use or further sharing or dissemination
of that information or data will be restricted in order to ensure
respect for an individual's privacy and civil liberties.
(b)
(c) No local agency may acquire or use cellular
communications interception technology unless approved by its
legislative body by adoption of a resolution or ordinance authorizing
that acquisition or use.
(c)
(d) The legislative body of a local agency shall not
approve a resolution or ordinance authorizing the acquisition or use
of cellular communications interception technology, unless the
resolution or ordinance is adopted at a regularly scheduled public
meeting of the legislative body at which members of the public are
afforded a reasonable opportunity to comment upon the proposed
resolution or ordinance. The resolution or ordinance shall set forth
the policies of the local agency as to the circumstances
when cellular communications interception technology may be employed,
and usage and privacy policies, which shall include, but need not be
limited to, how data obtained through use of the technology is to be
used, protected from unauthorized disclosure, and disposed of once
it is no longer needed. required by paragraph (3) of
subdivision (b).
(d) If the local agency maintains an Internet Web site, the
cellular communications interception technology usage and privacy
policies shall be posted conspicuously on that site.
(e) In addition to any other sanctions, penalties, or remedies
provided by law, an individual who has been harmed by a violation of
this section may bring a civil action in any court of competent
jurisdiction against a person who knowingly caused that violation.
The court may award a combination of any one or more of the
following:
(1) Actual damages, but not less than liquidated damages in the
amount of two thousand five hundred dollars ($2,500).
(2) Punitive damages upon proof of willful or reckless disregard
of the law.
(3) Reasonable attorney's fees and other litigation costs
reasonably incurred.
(4) Other preliminary and equitable relief as the court determines
to be appropriate.
