Unraveling Multimodality with Large Language Models.pdf
California Privacy Law: Resources & Protections
1. CA Privacy Law:
Resources & Protections
Joanne McNabb, Chief
Office of Privacy Protection
California Department of Consumer Affairs
Intellectual Property Society Seminar, January 20, 2004 1
2. Constitutional Right
All people are by nature free and independent
and have inalienable rights. Among these are
enjoying and defending life and liberty,
acquiring, possessing, and protecting
property, and pursuing and obtaining safety,
happiness, and privacy.
Article 1, Section 1, Constitution of the State of
California
2
3. Office of Privacy Protection
CA is only state with such an agency
Created by law passed in 2000
Purpose:
“protecting the privacy of individuals’
personal information in a manner consistent
with the California Constitution by identifying
consumer problems in the privacy area and
facilitating development of fair information
practices”
3
4. Office of Privacy Protection
Office functions
Consumer assistance
Education and information
Coordination with law enforcement
Best practice recommendations
4
5. Concerns of Contacts to OPP
40% 38%
30%
20% 17%
15%
9% 8%
10% 6%
2% 3% 3%
0%
s s s g l d l l
rn im tice etin cia i te i ca era PP
nc
e
V ict a c rk an o l ic ed en O
n
t Co eft Pr
em
a Fi ns M G
ef Th ies & Tel rU
T h ID i c th
e
ID Pol O
11/01-12/03 5
6. Education and Information
Consumer Information Sheets
ID theft prevention, victim checklist, “criminal”
ID theft
Protecting SSNs, reading privacy policies,
controlling unwanted communications
Health info privacy
Workshops and presentations
86 for consumers, 64 for business (11/01-12/03)
6
7. Work with Law Enforcement
Advisory Committee to High Tech
Crimes/Identity Theft Task Force
5 regional task forces of local, state and federal
law enforcement
Provide information on new laws via web site
Make case referrals
7
8. “Best Practice” Recommendations
Recommendations of “best practices,” beyond
legal requirements
By phone in response to requests
Written sets developed with advisory groups
SSN Confidentiality
Notification of Security Breach
8
10. Fair Information Practice Principles (FIPS)
Transparency
Collection Limitation
Purpose Specification
Use Limitation
Data Quality
Individual Participation
Security
Accountability
10
11. CA Privacy Laws & FIPs
Limits on collection of personal info
Limits on use of personal info
Requirements of notice of privacy rights
Limits on unwanted commercial communications
Requirements for data security
Requirements for individual access to personal
info
Rights & remedies for identity theft victims
11
12. Limits on Collection of Personal
Information
Ban on recording any personal info when accepting
payment by credit card
Ban on recording DL # when accepting payment by
check
Ban on collecting DL# and SSN for supermarket
club cards
Ban on wiretapping, CATV/satellite TV monitoring
Ban on state agency collecting personal info not
authorized by law or regulation (IPA)
12
13. Limits on Use of Personal Information 1
Info “swiped” from drivers licenses (except
for age verification, etc.)
Onward sharing of “marketing info” of credit
card holders subject to opt-out right
Public display of Social Security numbers
Onward sharing of personal info collected for
supermarket club cards
13
14. Limits on Use of Personal Information 2
Printing of >5 digits of credit card numbers on
electronic customer receipts
Onward sharing of residential telephone
customer calling patterns, financial info,
etc.
Use by state agency other than as
authorized by law (IPA, but cf. Public
Records Act)
14
15. Limits on Use of Personal Information 3
Onward sharing of medical info, other than
for TPO, subject to prior consent
Use of medical info for marketing
purposes, as defined
Limited access to birth/death certificates,
no SSNs or MMNs on publicly available
birth/death record indices
15
16. Limits on Use of Personal Information 4
Sharing of consumer credit & background
info, except for specified purposes, by CRAs,
Investigative RAs (but cf. FCRA/FACTA)
Sharing of personal financial info w/ 3rd
parties by financial institutions (SB 1, eff.
7/1/04)
Use of auto “black box” data for other than
vehicle safety, etc. (AB 213, eff. 7/1/04)
16
17. Notice Requirements 1
Notice of security breach involving specified
personal info
Notice to vets from county recorder re
DD214s as public records
Notice on collection of personal info by state
agencies (IPA)
Privacy policy notice in state offices and on
agency web sites
17
18. Notice Requirements 2
Notice of privacy policies/practices on
commercial web sites collecting personal info
on CA residents (AB 68, eff. 7/04)
Upon request, notice to customer of info
sharing details or opt-out opportunity (SB 27,
eff. 1/05)
Notice of presence of auto “black box” in
owner’s manual or subscription contract (AB
213, eff. 7/04)
18
19. Data Security
Destruction of customer records by businesses
by shredding, etc.
Activation process required on substitute
credit cards mailed to consumers
Credit/debit card “skimmers” outlawed
State agencies must use security safeguards to
protect personal info (IPA)
19
20. Individual Access to Information
Access to and right to correct personal info in
records of state agencies (IPA)
Access to and right to dispute personal info in
medical records (PAHRA, cf. federal HIPAA)
20
21. Limits on Commercial Communications
Do-Not-Call Registry (state/federal laws)
Ban on unsolicited commercial text messages
sent to cell phones/pagers
Ban on spam sent in violation of ISP’s policy
Ban on spam sent w/out prior consent of
recipient (but cf. federal CAN SPAM Act)
21
22. Identity Theft Rights & Remedies
Definition of crime, including possession of
documents with intent to defraud
Requirement of local police to take report
Expedited judicial process for victims
Database for victims of “criminal” ID theft
Victim rights in debt collection and against
claimants
Victim access to documents on fraudulent
accounts (but cf. FCRA/FACTA)
22
23. Joanne McNabb, Chief
Office of Privacy Protection
California Department of Consumer Affairs
400 R Street, Suite 3080
Sacramento, CA 95814
916-322-4420
www.privacy.ca.gov
866-785-9663
23