symtym

Personal Sunshine

  • 1.1.05 at 1222

    New year brings new and sharper teeth to personal privacy in California à la (infra).

    Thwarting Big Brother | Scientific American | December 2004

    The federal government provides substantial protection of personal information in official files and maintains a “do not call” list, but overall it offers few safeguards for private data. Federal laws do not shield medical and library records and give only partial protection to financial records. The passage of antiterrorism laws in 2001 permitted more intrusive electronic surveillance. Although Congress has considered ways to guard Social Security numbers since 1991, it has failed to enact legislation. …

    Topping the list is California, where the legislature has recently passed new, stronger privacy laws and where the courts are vigilant in their enforcement. Second-place Minnesota and Hawaii, also a top-tier state, are with California in being the only states that have offices dedicated to the assurance of personal privacy. Washington State and Wisconsin tie for third place.

    Degree of Privacy Protection 2004
    (Modified from Scientific American 291:6, 33, December 2004; Privacy Journal)

    USA

    California Civil Code § 1798.83 | Effective 1.1.05

    • (a) Except as otherwise provided in subdivision (d), if a business has an established business relationship with a customer and has within the immediately preceding calendar year disclosed personal information that corresponds to any of the categories of personal information set forth in paragraph (6) of subdivision (e) to third parties, and if the business knows or reasonably should know that the third parties used the personal information for the third parties’ direct marketing purposes, that business shall, after the receipt of a written or electronic mail request, or, if the business chooses to receive requests by toll-free telephone or facsimile numbers, a telephone or facsimile request from the customer, provide all of the following information to the customer free of charge:
      • (1) In writing or by electronic mail, a list of the categories set forth in paragraph (6) of subdivision (e) that correspond to the personal information disclosed by the business to third parties for the third parties’ direct marketing purposes during the immediately preceding calendar year.
      • (2) In writing or by electronic mail, the names and addresses of all of the third parties that received personal information from the business for the third parties’ direct marketing purposes during the preceding calendar year and, if the nature of the third parties’ business cannot reasonably be determined from the third parties’ name, examples of the products or services marketed, if known to the business, sufficient to give the customer a reasonable indication of the nature of the third parties’ business.
    • (b)
      • (1) A business required to comply with this section shall designate a mailing address, electronic mail address, or, if the business chooses to receive requests by telephone or facsimile, a toll-free telephone or facsimile number, to which customers may deliver requests pursuant to subdivision (a). A business required to comply with this section shall, at its election, do at least one of the following:
        • (A) Notify all agents and managers who directly supervise employees who regularly have contact with customers of the designated addresses or numbers or the means to obtain those addresses or numbers and instruct those employees that customers who inquire about the business’ privacy practices or the business’ compliance with this section shall be informed of the designated addresses or numbers or the means to obtain the addresses or numbers.
        • (B) Add to the home page of its Web site, a link either to a page titled “Your Privacy Rights” or to add the words “Your Privacy Rights,” to the home page’s link to the business’ privacy policy. If the business elects to add the words “Your Privacy Rights” to the link to the business’ privacy policy, the words “Your Privacy Rights” shall be in the same style and size of the link to the business’ privacy policy. If the business does not display a link to its privacy policy on the home page of its Web site, or does not have a privacy policy, the words “Your Privacy Rights” shall be written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language. The first page of the link shall describe a customer’s rights pursuant to this section and shall provide the designated mailing address, e-mail address, as required, or toll-free telephone number or facsimile number, as appropriate. If the business elects to add the words “Your California Privacy Rights” to the home page’s link to the business’ privacy policy in a manner that complies with this subdivision, and the first page of the link describes a customer’s rights pursuant to this section, and provides the designated mailing address, electronic mailing address, as required, or toll-free telephone or facsimile number, as appropriate, the business need not respond to requests that are not received at one of the designated addresses or numbers.
        • (C) Make the designated addresses or numbers, or means to obtain the designated addresses or numbers, readily available upon request of a customer at every place of business in California where the business or its agents regularly have contact with customers.
          The response to a request pursuant to this section received at one of the designated addresses or numbers shall be provided within 30 days. Requests received by the business at other than one of the designated addresses or numbers shall be provided within a reasonable period, in light of the circumstances related to how the request was received, but not to exceed 150 days from the date received.
      • (2) A business that is required to comply with this section and Section 6803 of Title 15 of the United States Code may comply with this section by providing the customer the disclosure required by Section 6803 of Title 15 of the United States Code, but only if the disclosure also complies with this section.
      • (3) A business that is required to comply with this section is not obligated to provide information associated with specific individuals and may provide the information required by this section in standardized format.
    • (c)
      • (1) A business that is required to comply with this section is not obligated to do so in response to a request from a customer more than once during the course of any calendar year. A business with fewer than 20 full-time or part-time employees is exempt from the requirements of this section.
      • (2) If a business that is required to comply with this section adopts and discloses to the public, in its privacy policy, a policy of not disclosing personal information of customers to third parties for the third parties’ direct marketing purposes unless the customer first affirmatively agrees to that disclosure, or of not disclosing the personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option that prevents that information from being disclosed to third parties for those purposes, as long as the business maintains and discloses the policies, the business may comply with subdivision (a) by notifying the customer of his or her right to prevent disclosure of personal information, and providing the customer with a cost-free means to exercise that right.
    • (d) The following are among the disclosures not deemed to be disclosures of personal information by a business for a third parties’ direct marketing purposes for purposes of this section:
      • (1) Disclosures between a business and a third party pursuant to contracts or arrangements pertaining to any of the following:
        • (A) The processing, storage, management, or organization of personal information, or the performance of services on behalf of the business during which personal information is disclosed, if the third party that processes, stores, manages, or organizes the personal information does not use the information for a third party’s direct marketing purposes and does not disclose the information to additional third parties for their direct marketing purposes.
        • (B) Marketing products or services to customers with whom the business has an established business relationship where, as a part of the marketing, the business does not disclose personal information to third parties for the third parties’ direct marketing purposes.
        • (C) Maintaining or servicing accounts, including credit accounts and disclosures pertaining to the denial of applications for credit or the status of applications for credit and processing bills or insurance claims for payment.
        • (D) Public record information relating to the right, title, or interest in real property or information relating to property characteristics, as defined in Section 408.3 of the Revenue and Taxation Code, obtained from a governmental agency or entity or from a multiple listing service, as defined in Section 1087, and not provided directly by the customer to a business in the course of an established business relationship.
        • (E) Jointly offering a product or service pursuant to a written agreement with the third party that receives the personal information, provided that all of the following requirements are met:
          • (i) The product or service offered is a product or service of, and is provided by, at least one of the businesses that is a party to the written agreement.
          • (ii) The product or service is jointly offered, endorsed, or sponsored by, and clearly and conspicuously identifies for the customer, the businesses that disclose and receive the disclosed personal information.
          • (iii) The written agreement provides that the third party that receives the personal information is required to maintain the confidentiality of the information and is prohibited from disclosing or using the information other than to carry out the joint offering or servicing of a product or service that is the subject of the written agreement.
      • (2) Disclosures to or from a consumer reporting agency of a customer’s payment history or other information pertaining to transactions or experiences between the business and a customer if that information is to be reported in, or used to generate, a consumer report as defined in subdivision (d) of Section 1681a of Title 15 of the United States Code, and use of that information is limited by the federal Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.).
      • (3) Disclosures of personal information by a business to a third party financial institution solely for the purpose of the business obtaining payment for a transaction in which the customer paid the business for goods or services with a check, credit card, charge card, or debit card, if the customer seeks the information required by subdivision (a) from the business obtaining payment, whether or not the business obtaining payment knows or reasonably should know that the third party financial institution has used the personal information for its direct marketing purposes.
      • (4) Disclosures of personal information between a licensed agent and its principal, if the personal information disclosed is necessary to complete, effectuate, administer, or enforce transactions between the principal and the agent, whether or not the licensed agent or principal also uses the personal information for direct marketing purposes, if that personal information is used by each of them solely to market products and services directly to customers with whom both have established business relationships as a result of the principal and agent relationship.
      • (5) Disclosures of personal information between a financial institution and a business that has a private label credit card, affinity card, retail installment contract, or cobranded card program with the financial institution, if the personal information disclosed is necessary for the financial institution to maintain or service accounts on behalf of the business with which it has a private label credit card, affinity card, retail installment contract, or branded card program, or to complete, effectuate, administer, or enforce customer transactions or transactions between the institution and the business, whether or not the institution or the business also uses the personal information for direct marketing purposes, if that personal information is used solely to market products and services directly to customers with whom both the business and the financial institution have established business relationships as a result of the private label credit card, affinity card, retail installment contract, or cobranded card program.
    • (e) For purposes of this section:
      • (1) “Customer” means an individual who is a resident of California who provides personal information to a business during the creation of, or throughout the duration of, an established business relationship if the business relationship is primarily for personal, family, or household purposes.
      • (2) “Direct marketing purposes” means the use of personal information to solicit or induce a purchase, rental, lease, or exchange of products, goods, property, or services directly to individuals by means of the mail, telephone, or electronic mail for their personal, family, or household purposes. The sale, rental, exchange, or lease of personal information for consideration to businesses is a direct marketing purpose of the business that sells, rents, exchanges, or obtains consideration for the personal information. “Direct marketing purposes” does not include the use of personal information (A) by bona fide tax exempt charitable or religious organizations to solicit charitable contributions, (B) to raise funds from and communicate with individuals regarding politics and government, (C) by a third party when the third party receives personal information solely as a consequence of having obtained for consideration permanent ownership of accounts that might contain personal information, or (D) by a third party when the third party receives personal information solely as a consequence

     