Bill Text

PDF |Add To My Favorites |Track Bill | print page

AB-608 Consumer credit reports: security freezes: protected consumers. (2017-2018)

SHARE THIS:share this bill in Facebookshare this bill in Twitter
Date Published: 01/03/2018 02:00 PM
AB608:v96#DOCUMENT

Amended  IN  Assembly  January 03, 2018
Amended  IN  Assembly  May 03, 2017
Amended  IN  Assembly  March 01, 2017

CALIFORNIA LEGISLATURE— 2017–2018 REGULAR SESSION

Assembly Bill No. 608


Introduced by Assembly Member Irwin

February 14, 2017


An act to amend Section 1546.1 of the Penal Code, relating to the Electronic Communications Privacy Act. Section 1785.11.11 of the Civil Code, relating to consumer credit.


LEGISLATIVE COUNSEL'S DIGEST


AB 608, as amended, Irwin. Electronic Communications Privacy Act. Consumer credit reports: security freezes: protected consumers.
The Consumer Credit Reporting Agencies Act permits a consumer to place a security freeze on his or her credit report to prohibit the release of the consumer’s credit reporting information, subject to certain exceptions, by making a request in writing by mail to a consumer credit reporting agency.
The act also requires a consumer credit reporting agency, in certain circumstances, to place a security freeze on behalf of a “protected consumer,” defined to include an individual under 16 years of age at the time a request for the placement of a security freeze is made, an incapacitated person, an individual for whom a guardian or conservator has been appointed, or a person in foster care under county jurisdiction who meets certain conditions. With respect to placing a security freeze for a protected consumer, a consumer credit reporting agency is required to do so if it receives a request from the protected consumer’s representative, along with certain identifying information and proof of authority to act on behalf of the protected consumer, and if that representative pays to the consumer credit reporting agency a fee, not to exceed $10 for each placement or removal of a security freeze, subject to specified exceptions.
This bill would prohibit a consumer credit reporting agency from charging fees for these services.

Existing law, the Electronic Communications Privacy Act, prohibits a government entity from compelling the production of, or access to, electronic communication information or electronic device information, as defined, without a search warrant, wiretap order, order for electronic reader records, or subpoena issued pursuant to specified conditions.

Existing law requires a warrant issued pursuant to the act to require that any information obtained through the execution of the warrant, that is unrelated to the objective of the warrant, be sealed and not be subject to further review, use, or disclosure. Existing law also provides that the warrant may require that the information be destroyed as soon as feasible after the termination of the investigation and any related investigations or proceedings.

This bill would specify the manner in which unrelated information obtained pursuant to a warrant is to be sealed, and by whom. The bill would also clarify that the information may be retained, before being destroyed, through the conclusion of any proceeding, including appellate proceedings.

Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NO   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 1785.11.11 of the Civil Code is amended to read:

1785.11.11.
 (a) A consumer credit reporting agency shall place a security freeze for a protected consumer if both of the following occur:
(1) The consumer credit reporting agency receives a request from the protected consumer’s representative for the placement of the security freeze pursuant to this section.
(2) The protected consumer’s representative does all of the following:
(A) Submits the request to the consumer credit reporting agency at the address or other point of contact and in the manner specified by the consumer credit reporting agency.
(B) Provides to the consumer credit reporting agency sufficient proof of identification of the protected consumer and the representative.
(C) Provides to the consumer credit reporting agency sufficient proof of authority to act on behalf of the protected consumer.

(D)Pays to the consumer credit reporting agency a fee as authorized by subdivision (i).

(b) If a consumer credit reporting agency does not have a file pertaining to a protected consumer when the consumer credit reporting agency receives a request pursuant to paragraph (1) of subdivision (a), the consumer credit reporting agency shall create a record for the protected consumer.
(c) If a protected consumer’s representative requests a security freeze, the consumer credit reporting agency shall disclose the process for placing and removing a security freeze.
(d) Within 30 days after receiving a request that meets the requirements of subdivision (a), a consumer credit reporting agency shall place a security freeze for the protected consumer. The consumer credit reporting agency shall send written confirmation of the security freeze to the address on file within 10 days of the placement of the security freeze.
(e) Unless a security freeze for a protected consumer is removed pursuant to subdivision (h) or (j), a consumer credit reporting agency shall not release the protected consumer’s consumer credit report, any information derived from the protected consumer’s consumer credit report, or any record created for the protected consumer.
(f) A security freeze for a protected consumer placed pursuant to this section shall remain in effect until either of the following occurs:
(1) The protected consumer or the protected consumer’s representative requests that the consumer credit reporting agency remove the security freeze in accordance with subdivision (h).
(2) The security freeze is removed in accordance with subdivision (j).
(g) To remove a security freeze, a protected consumer or a protected consumer’s representative shall do all both of the following:
(1) Submit a request for removal of the security freeze to the consumer credit reporting agency at the address or other point of contact and in the manner specified by the consumer credit reporting agency.
(2) Provide to the consumer credit reporting agency:
(A) If the request is made by the protected consumer:
(i) Proof that the sufficient proof of authority for the protected consumer’s representative to act on behalf of the protected consumer is no longer valid, he or she has been emancipated, or he or she is 16 years of age or older.
(ii) Sufficient proof of identification of the protected consumer.
(B) If the request is made by the representative of a protected consumer:
(i) Sufficient proof of identification of the protected consumer and the representative.
(ii) Sufficient proof of authority to act on behalf of the protected consumer.

(3)Pay to the consumer credit reporting agency a fee as authorized by subdivision (i).

(h) Within 30 days after receiving a request that meets the requirements of subdivision (g), a consumer credit reporting agency shall remove a security freeze for a protected consumer.
(i) (1)Except as provided in paragraph (2), a A consumer credit reporting agency may not charge a fee for any service performed pursuant to this section.

(2)A consumer credit reporting agency is authorized to charge a reasonable fee, not exceeding ten dollars ($10), for each placement or removal of a security freeze for a protected consumer.

(3)Notwithstanding paragraph (2), a consumer credit reporting agency shall not charge any fee pursuant to this section under any of the following circumstances:

(A)The protected consumer’s representative has received a report of alleged identity theft against the protected consumer under Section 530.5 of the Penal Code and has provided copy of the report to the consumer credit reporting agency.

(B)The request for the placement or removal of a security freeze is for a protected consumer who is under 16 years of age at the time of the request and the consumer credit reporting agency has a report pertaining to the protected consumer.

(C)The request for the placement or removal of a security freeze is for a protected consumer who has been placed in a foster care setting.

(j) A consumer credit reporting agency is authorized to remove a security freeze for a protected consumer or to delete a record of a protected consumer if the security freeze was placed or the record was created based upon a material misrepresentation of fact by the protected consumer or the protected consumer’s representative.
(k) A consumer credit reporting agency may develop procedures involving the use of telephone, mail, fax, the Internet, or other electronic media to receive and process a request for a protected consumer’s security freeze to be placed or removed.

SECTION 1.Section 1546.1 of the Penal Code is amended to read:
1546.1.

(a)Except as provided in this section, a government entity shall not do any of the following:

(1)Compel the production of or access to electronic communication information from a service provider.

(2)Compel the production of or access to electronic device information from any person or entity other than the authorized possessor of the device.

(3)Access electronic device information by means of physical interaction or electronic communication with the electronic device. This section does not prohibit the intended recipient of an electronic communication from voluntarily disclosing electronic communication information concerning that communication to a government entity.

(b)A government entity may compel the production of or access to electronic communication information from a service provider, or compel the production of or access to electronic device information from any person or entity other than the authorized possessor of the device only under the following circumstances:

(1)Pursuant to a warrant issued pursuant to Chapter 3 (commencing with Section 1523) and subject to subdivision (d).

(2)Pursuant to a wiretap order issued pursuant to Chapter 1.4 (commencing with Section 629.50) of Title 15 of Part 1.

(3)Pursuant to an order for electronic reader records issued pursuant to Section 1798.90 of the Civil Code.

(4)Pursuant to a subpoena issued pursuant to existing state law, provided that the information is not sought for the purpose of investigating or prosecuting a criminal offense, and compelling the production of or access to the information via the subpoena is not otherwise prohibited by state or federal law. Nothing in this paragraph shall be construed to expand any authority under state law to compel the production of or access to electronic information.

(5)Pursuant to an order for a pen register or trap and trace device, or both, issued pursuant to Chapter 1.5 (commencing with Section 630) of Title 15 of Part 1.

(c)A government entity may access electronic device information by means of physical interaction or electronic communication with the device only as follows:

(1)Pursuant to a warrant issued pursuant to Chapter 3 (commencing with Section 1523) and subject to subdivision (d).

(2)Pursuant to a wiretap order issued pursuant to Chapter 1.4 (commencing with Section 629.50) of Title 15 of Part 1.

(3)Pursuant to a tracking device search warrant issued pursuant to paragraph (12) of subdivision (a) of Section 1524 and subdivision (b) of Section 1534.

(4)With the specific consent of the authorized possessor of the device.

(5)With the specific consent of the owner of the device, only when the device has been reported as lost or stolen.

(6)If the government entity, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires access to the electronic device information.

(7)If the government entity, in good faith, believes the device to be lost, stolen, or abandoned, provided that the government entity shall only access electronic device information in order to attempt to identify, verify, or contact the owner or authorized possessor of the device.

(8)Except where prohibited by state or federal law, if the device is seized from an inmate’s possession or found in an area of a correctional facility or a secure area of a local detention facility where inmates have access, the device is not in the possession of an individual, and the device is not known or believed to be the possession of an authorized visitor. This paragraph shall not be construed to supersede or override Section 4576.

(9)Except where prohibited by state or federal law, if the device is seized from an authorized possessor of the device who is serving a term of parole under the supervision of the Department of Corrections and Rehabilitation or a term of postrelease community supervision under the supervision of county probation.

(10)Except where prohibited by state or federal law, if the device is seized from an authorized possessor of the device who is subject to an electronic device search as a clear and unambiguous condition of probation, mandatory supervision, or pretrial release.

(11)If the government entity accesses information concerning the location or the telephone number of the electronic device in order to respond to an emergency 911 call from that device.

(12)Pursuant to an order for a pen register or trap and trace device, or both, issued pursuant to Chapter 1.5 (commencing with Section 630) of Title 15 of Part 1.

(d)Any warrant for electronic information shall comply with the following:

(1)The warrant shall describe with particularity the information to be seized by specifying, as appropriate and reasonable, the time periods covered, the target individuals or accounts, the applications or services covered, and the types of information sought. The court may determine that it is not appropriate in the warrant described in paragraph (1) of subdivision (c) to specify time periods because of the specific circumstances of the investigation, including, but not limited to, the nature of the device to be searched.

(2)The warrant shall require that any information obtained through the execution of the warrant that is unrelated to the objective of the warrant shall be sealed by the government entity obtaining the information and shall not be subject to further review, use, or disclosure except pursuant to a court order or to comply with discovery as required by Sections 1054.1 and 1054.7. A court shall issue such an order upon a finding that there is probable cause to believe that the information is relevant to an active investigation, or review, use, or disclosure is required by state or federal law. As used in this paragraph, “sealed” means protected by means sufficient to prevent access by physical or electronic means.

(3)The warrant shall comply with all other provisions of California and federal law, including any provisions prohibiting, limiting, or imposing additional requirements on the use of search warrants. If directed to a service provider, the warrant shall be accompanied by an order requiring the service provider to verify the authenticity of electronic information that it produces by providing an affidavit that complies with the requirements set forth in Section 1561 of the Evidence Code. Admission of that information into evidence shall be subject to Section 1562 of the Evidence Code.

(e)When issuing any warrant or order for electronic information, or upon the petition from the target or recipient of the warrant or order, a court may, at its discretion, do either or both of the following:

(1)Appoint a special master, as described in subdivision (d) of Section 1524, charged with ensuring that only information necessary to achieve the objective of the warrant or order is produced or accessed.

(2)Require that any information obtained through the execution of the warrant or order that is unrelated to the objective of the warrant be destroyed as soon as feasible after the termination of the current investigation and any related investigations or proceedings, including appellate proceedings.

(f)A service provider may voluntarily disclose electronic communication information or subscriber information when that disclosure is not otherwise prohibited by state or federal law.

(g)If a government entity receives electronic communication information voluntarily provided pursuant to subdivision (f), it shall destroy that information within 90 days unless one or more of the following circumstances apply:

(1)The government entity has or obtains the specific consent of the sender or recipient of the electronic communications about which information was disclosed.

(2)The government entity obtains a court order authorizing the retention of the information. A court shall issue a retention order upon a finding that the conditions justifying the initial voluntary disclosure persist, in which case the court shall authorize the retention of the information only for so long as those conditions persist, or there is probable cause to believe that the information constitutes evidence that a crime has been committed.

(3)The government entity reasonably believes that the information relates to child pornography and the information is retained as part of a multiagency database used in the investigation of child pornography and related crimes.

(4)The service provider or subscriber is, or discloses the information to, a federal, state, or local prison, jail, or juvenile detention facility, and all participants to the electronic communication were informed, prior to the communication, that the service provider may disclose the information to the government entity.

(h)If a government entity obtains electronic information pursuant to an emergency involving danger of death or serious physical injury to a person, that requires access to the electronic information without delay, the government entity shall, within three court days after obtaining the electronic information, file with the appropriate court an application for a warrant or order authorizing obtaining the electronic information or a motion seeking approval of the emergency disclosures that shall set forth the facts giving rise to the emergency, and if applicable, a request supported by a sworn affidavit for an order delaying notification under paragraph (1) of subdivision (b) of Section 1546.2. The court shall promptly rule on the application or motion and shall order the immediate destruction of all information obtained, and immediate notification pursuant to subdivision (a) of Section 1546.2 if that notice has not already been given, upon a finding that the facts did not give rise to an emergency or upon rejecting the warrant or order application on any other ground. This subdivision does not apply if the government entity obtains information concerning the location or the telephone number of the electronic device in order to respond to an emergency 911 call from that device.

(i)This section does not limit the authority of a government entity to use an administrative, grand jury, trial, or civil discovery subpoena to do any of the following:

(1)Require an originator, addressee, or intended recipient of an electronic communication to disclose any electronic communication information associated with that communication.

(2)Require an entity that provides electronic communications services to its officers, directors, employees, or agents for the purpose of carrying out their duties, to disclose electronic communication information associated with an electronic communication to or from an officer, director, employee, or agent of the entity.

(3)Require a service provider to provide subscriber information.

(j)This section does not limit the authority of the Public Utilities Commission or the State Energy Resources Conservation and Development Commission to obtain energy or water supply and consumption information pursuant to the powers granted to them under the Public Utilities Code or the Public Resources Code and other applicable state laws.

(k)This chapter shall not be construed to alter the authority of a government entity that owns an electronic device to compel an employee who is authorized to possess the device to return the device to the government entity’s possession.