Today's Law As Amended

PDF |Add To My Favorites | print page

SB-1194 Privacy: lodging and common carriers.(2017-2018)



SECTION 1.
 The Legislature finds and declares all of the following:
(a) In 1972, California voters amended the California Constitution to include the right of privacy among the “inalienable” rights of all people. The amendment established a legal and enforceable right of privacy for every Californian. Fundamental to this right of privacy is the ability of individuals to control the use of their personal information.
(b) Since California voters approved the right of privacy, the California Legislature has adopted specific mechanisms to safeguard consumer privacy, including the California Consumer Privacy Act of 2018, the Online Privacy Protection Act, the Reader Privacy Act, the Privacy Rights for California Minors in the Digital World Act, and Shine the Light, a California law intended to give Californians the ‘who, what, where, and when’ of how businesses handle consumers’ personal information.
(c) Californians frequently have to disclose their sensitive personal information to third parties in order to accomplish routine activities: apply for a job; apply for housing; raise a child; drive a car or take transportation; or stay at a hotel or motel.
(d) California law has not kept pace with these developments and the personal privacy implications surrounding the collection, use, and protection of personal information by third parties.
(e) Many businesses collect personal information from California consumers. They may know where a consumer lives, how many children a consumer has, where a consumer lives and works, where a consumer travels and where they stay on their trip, how fast a consumer drives, a consumer’s personality, sleep habits, biometric and health information, financial information, precise geolocation information, and social networks, to name a few categories.
(f) The unauthorized disclosure of personal information and the loss of privacy can have devastating effects for individuals, including financial fraud, identity theft, unnecessary costs to personal time and finances, destruction of property, harassment, reputational damage, emotional stress, and even potential physical harm.
(g) When Californians leave their homes to travel via bus or stay at lodging establishments throughout their state, they desire assurances that these businesses will respect their privacy and safeguard their personal information from improper disclosure.
(h) Protecting the privacy of personal information promotes consumer confidence and encourages both residents and visitors to travel to and within California and to patronize California businesses.
(i) Therefore, it is the intent of the Legislature to further Californians’ right to privacy by ensuring that the personal information disclosed by patrons of lodging establishments and bus companies is used for the intended business purposes and not improperly disclosed.

SEC. 2.

 Section 53.5 is added to the Civil Code, to read:

53.5.
 (a) Notwithstanding any other law, except as specified in this section, an innkeeper, hotelkeeper, motelkeeper, lodginghouse keeper, or owner or operator of an inn, hotel, motel, lodginghouse, or other similar accommodations, or any employee or agent thereof, who offers or accepts payment for rooms, sleeping accommodations, or board and lodging, or other similar accommodation, shall not disclose, produce, provide, release, transfer, disseminate, or otherwise communicate, except to a California peace officer, all or any part of a guest record orally, in writing, or by electronic or any other means to a third party without a court-issued subpoena, warrant, or order.
(b) Notwithstanding any other law, except as specified in this section, an owner or operator of a private or charter bus transportation company, or any employee or agent thereof, shall not disclose, produce, provide, release, transfer, disseminate, or otherwise communicate, except to a California peace officer, all or any part of a passenger manifest record orally, in writing, or by electronic or any other means to a third party without a court-issued subpoena, warrant, or order.
(c) “Guest record” for purposes of this section includes any record that identifies an individual guest, boarder, occupant, lodger, customer, or invitee, including, but not limited to, his or her name, social security number or other unique identifying number, date of birth, location of birth, address, telephone number, driver’s license number, other official form of identification, credit card number, or automobile license plate number.
(d) “Passenger manifest record” for purposes of this section includes any record that identifies an individual guest, passenger, customer, or invitee, including, but not limited to, his or her name, social security number or other unique identifying number, date of birth, location of birth, address, telephone number, driver’s license number, other official form of identification, credit card number, or automobile license plate number.
(e) “Court issued subpoena, warrant, or order” for purposes of this section is limited to subpoenas, warrants, or orders issued by a judicial officer. An administrative subpoena, warrant, or order is not sufficient for purposes of this section.
(f) “Third-party service provider,” for the purposes of this section, means an entity contracted to provide services outlined in the contract that has no independent right to use or share the data beyond the terms of the contract. Records shared with a third-party service provider shall be subject to limitations on further disclosure as described in subdivisions (a) and (b), except as otherwise permitted by this section.
(g) This section shall not be construed to prevent a government entity from requiring a private business to provide business records during an audit or inspection if those records omit the personal information described in subdivisions (c) and (d).
(h) This section shall not be construed to prevent a private business from providing business records containing a guest’s or passenger’s name, address, credit card number, or driver’s license number to a third-party service provider, if required, for the sole purpose of effectuating financial payment, including, approving or processing negotiable instruments, electronic fund transfers, or similar methods of payment, from a guest or passenger to the private business for a good or service, or from providing business records to a third-party service provider that the private business contracts with for business-related services.
(i) This section shall not be construed to prevent a private business from providing, where required, business records to a government entity in order to comply with state and federal laws regarding financial oversight and privacy, including, but not limited to, the federal Gramm-Leach-Bliley Act (12 U.S.C. Sec. 6801). Records shared with a government entity or in compliance with the federal Gramm-Leach-Bliley Act shall be subject to the limitations on further disclosure as described in subdivisions (a) and (b), except as otherwise permitted by this section.
(j) This section shall not be construed to prevent a private business from disclosing records in a criminal investigation if a law enforcement officer in good faith believes that an emergency involving imminent danger of death or serious bodily injury to a person requires a warrantless search, to the extent permitted by law.
(k) This section shall not be construed to compel disclosure of a guest record or passenger manifest record by an inkeeper, motelkeeper, lodginghouse keeper, or owner or operator of an inn, hotel, motel, lodginghouse, or other similar accommodation, or an owner or operator of a private or charter bus transportation company, in the absence of a court-issued subpoena, warrant, or order.