Bill Text

PDF |Add To My Favorites |Track Bill | print page

SB-1194 Privacy: lodging and common carriers.(2017-2018)

SHARE THIS:share this bill in Facebookshare this bill in Twitter
Date Published: 09/27/2018 09:00 PM
SB1194:v91#DOCUMENT

Senate Bill No. 1194
CHAPTER 853

An act to add Section 53.5 to the Civil Code, relating to privacy.

[ Approved by Governor  September 27, 2018. Filed with Secretary of State  September 27, 2018. ]

LEGISLATIVE COUNSEL'S DIGEST


SB 1194, Lara. Privacy: lodging and common carriers.
Existing law requires a business to take all reasonable steps to dispose of customer records within its custody or control containing personal information, including information that identifies a particular individual, such as his or her name, address, physical characteristics, or description, when the records are no longer to be retained by the business.
Existing law also prohibits a public or private employer from providing voluntary consent to an immigration enforcement agent to access, review, or obtain the employer’s employee records without a subpoena or judicial warrant.
This bill would, except as specified, prohibit specified entities that offer lodging, or any employee or agent thereof, from disclosing, producing, providing, releasing, transferring, disseminating, or otherwise communicating all or any part of a guest record, as defined, orally, in writing, or by electronic or any other means to a 3rd party, other than a California peace officer, without a court-issued subpoena, warrant, or order, as specified. The bill would also similarly prohibit an owner or operator of a private or charter bus transportation company, or any employee or agent thereof, from disclosing, producing, providing, releasing, transferring, disseminating, or otherwise communicating all or any part of a passenger manifest, as defined, orally, in writing, or by electronic or any other means to a 3rd party, other than a California peace officer, without a court-issued subpoena, warrant, or order, as specified.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NO   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 The Legislature finds and declares all of the following:
(a) In 1972, California voters amended the California Constitution to include the right of privacy among the “inalienable” rights of all people. The amendment established a legal and enforceable right of privacy for every Californian. Fundamental to this right of privacy is the ability of individuals to control the use of their personal information.
(b) Since California voters approved the right of privacy, the California Legislature has adopted specific mechanisms to safeguard consumer privacy, including the California Consumer Privacy Act of 2018, the Online Privacy Protection Act, the Reader Privacy Act, the Privacy Rights for California Minors in the Digital World Act, and Shine the Light, a California law intended to give Californians the ‘who, what, where, and when’ of how businesses handle consumers’ personal information.
(c) Californians frequently have to disclose their sensitive personal information to third parties in order to accomplish routine activities: apply for a job; apply for housing; raise a child; drive a car or take transportation; or stay at a hotel or motel.
(d) California law has not kept pace with these developments and the personal privacy implications surrounding the collection, use, and protection of personal information by third parties.
(e) Many businesses collect personal information from California consumers. They may know where a consumer lives, how many children a consumer has, where a consumer lives and works, where a consumer travels and where they stay on their trip, how fast a consumer drives, a consumer’s personality, sleep habits, biometric and health information, financial information, precise geolocation information, and social networks, to name a few categories.
(f) The unauthorized disclosure of personal information and the loss of privacy can have devastating effects for individuals, including financial fraud, identity theft, unnecessary costs to personal time and finances, destruction of property, harassment, reputational damage, emotional stress, and even potential physical harm.
(g) When Californians leave their homes to travel via bus or stay at lodging establotelkeeper, motelkeeper, lodginghouse keeper, or owner or operator of an inn, hotel, motel, lodginghouse, or other similar accommodations, or any employee or agent thereof, who offers or accepts payment for rooms, sleeping accommodations, or board and lodging, or other similar accommodation, shall not disclose, produce, provide, release, transfer, disseminate, or otherwise communicate, except to a California peace officer, all or any part of a guest record orally, in writing, or by electronic or any other means to a third party without a court-issued subpoena, warrant, or order.
(b) Notwithstanding any other law, except as specified in this section, an owner or operator of a private or charter bus transportation company, or any employee or agent thereof, shall not disclose, produce, provide, release, transfer, disseminate, or otherwise communicate, except to a California peace officer, all or any part of a passenger manifest record orally, in writing, or by electronic or any other means to a third party without a court-issued subpoena, warrant, or order.
(c) “Guest record” for purposes of this section includes any record that identifies an individual guest, boarder, occupant, lodger, customer, or invitee, including, but not limited to, his or her name, social security number or other unique identifying number, date of birth, location of birth, address, telephone number, driver’s license number, other official form of identification, credit card number, or automobile license plate number.
(d) “Passenger manifest record” for purposes of this section includes any record that identifies an individual guest, passenger, customer, or invitee, including, but not limited to, his or her name, social security number or other unique identifying number, date of birth, location of birth, address, telephone number, driver’s license number, other official form of identification, credit card number, or automobile license plate number.
(e) “Court issued subpoena, warrant, or order” for purposes of this section is limited to subpoenas, warrants, or orders issued by a judicial officer. An administrative subpoena, warrant, or order is not sufficient for purposes of this section.
(f) “Third-party service provider,” for the purposes of this section, means an entity contracted to provide services outlined in the contract that has no independent right to use or share the data beyond the terms of the contract. Records shared with a third-party service provider shall be subject to limitations on further disclosure as described in subdivisions (a) and (b), except as otherwise permitted by this section.
(g) This section shall not be construed to prevent a government entity from requiring a private business to provide business records during an audit or inspection if those records omit the personal information described in subdivisions (c) and (d).
(h) This section shall not be construed to prevent a private business from providing business records containing a guest’s or passenger’s name, address, credit card number, or driver’s license number to a third-party service provider, if required, for the sole purpose of effectuating financial payment, including, approving or processing negotiable instruments, electronic fund transfers, or similar methods of payment, from a guest or passenger to the private business for a good or service, or from providing business records to a third-party service provider that the private business contracts with for business-related services.
(i) This section shall not be construed to prevent a private business from providing, where required, business records to a government entity in order to comply with state and federal laws regarding financial oversight and privacy, including, but not limited to, the federal Gramm-Leach-Bliley Act (12 U.S.C. Sec. 6801). Records shared with a government entity or in compliance with the federal Gramm-Leach-Bliley Act shall be subject to the limitations on further disclosure as described in subdivisions (a) and (b), except as otherwise permitted by this section.
(j) This section shall not be construed to prevent a private business from disclosing records in a criminal investigation if a law enforcement officer in good faith believes that an emergency involving imminent danger of death or serious bodily injury to a person requires a warrantless search, to the extent permitted by law.
(k) This section shall not be construed to compel disclosure of a guest record or passenger manifest record by an inkeeper, motelkeeper, lodginghouse keeper, or owner or operator of an inn, hotel, motel, lodginghouse, or other similar accommodation, or an owner or operator of a private or charter bus transportation company, in the absence of a court-issued subpoena, warrant, or order.