Bill Text

Bill Information


Bill PDF |Add To My Favorites | print page

SB-1172 Student Test Taker Privacy Protection Act.(2021-2022)

SHARE THIS: share this bill in Facebook share this bill in Twitter
Date Published: 09/29/2022 02:00 PM
SB1172:v95#DOCUMENT

Senate Bill No. 1172
CHAPTER 720

An act to add Chapter 22.2.7 (commencing with Section 22588) to Division 8 of the Business and Professions Code, relating to privacy.

[ Approved by Governor  September 28, 2022. Filed with Secretary of State  September 28, 2022. ]

LEGISLATIVE COUNSEL'S DIGEST


SB 1172, Pan. Student Test Taker Privacy Protection Act.
Existing law, the California Consumer Privacy Act of 2018 (CCPA), imposes various obligations on businesses with respect to personal information, as defined. The California Privacy Rights Act of 2020, approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA.
The CCPA requires a business to inform consumers of the categories of personal information to be collected and the purposes for which the categories of personal information are collected or used and whether that information is sold or shared. Existing law, the Student Online Personal Information Protection Act, prohibits an operator, as defined, from, among other things, disclosing a K–12 student’s personal information, except as specified.
This bill would prohibit a business providing proctoring services in an educational setting from collecting, retaining, using, or disclosing personal information except to the extent necessary to provide those proctoring services and in other specified circumstances.
The California Privacy Rights Act of 2020 authorizes the Legislature to amend the act to further the purposes and intent of the act by a majority vote of both houses of the Legislature, as specified.
This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NO   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Chapter 22.2.7 (commencing with Section 22588) is added to Division 8 of the Business and Professions Code, to read:
CHAPTER  22.2.7. Student Test Taker Privacy Protection Act

22588.
 (a) Notwithstanding Section 22584 of the Business and Professions Code, a business providing proctoring services in an educational setting shall collect, use, retain, and disclose only the personal information strictly necessary to provide those services.
(b) This section shall not prohibit a business from collecting, using, retaining, or disclosing personal information if doing so is necessary for any of the following:
(1) To comply with federal, state, or local law.
(2) To comply with a court order or subpoena.
(3) To comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by a federal, state, or local agency authorized by law to conduct that inquiry or investigation, or authorized to serve a subpoena or summons, as applicable.
(A) A law enforcement agency may direct a business, pursuant to a law enforcement agency-approved investigation with an active case number, not to delete a consumer’s personal information, and, upon receipt of that direction, a business shall not delete the personal information for 90 days, in order to allow the law enforcement agency to obtain a court order or subpoena to obtain the consumer’s personal information.
(B) A business that has received direction from a law enforcement agency not to delete a consumer’s personal information that otherwise would not be permissible to retain or disclose pursuant to this section shall not use or disclose the consumer’s personal information for any purpose except in response to a court order or subpoena.
(4) To cooperate with a law enforcement agency concerning conduct or activity that the business reasonably and in good faith believes to violate federal, state, or local law.
(5) To cooperate with a government agency request for emergency access to a consumer’s personal information if a natural person is at imminent risk of death or serious physical injury, provided that all of the following are met:
(A) The request is approved by a high-ranking agency officer for emergency access to a consumer’s personal information.
(B) The request is based on the agency’s good faith determination that it has a lawful basis to access the information on a nonemergency basis.
(C) The agency agrees to petition a court for an appropriate order within three days and to destroy the information if that order is not granted.
(6) To exercise or defend a legal claim.
(c) For purposes of this section, “personal information” has the same meaning as in Section 1798.140 of the Civil Code.
(d) For purposes of this section, “proctoring services” includes, but is not limited to, services offered by a business to observe, monitor, or administer an exam.

SEC. 2.

 The Legislature finds and declares that the chapter added to the Business and Professions Code by this act furthers the purpose and intent of the California Privacy Rights Act of 2020, enacted by Proposition 24 at the November 3, 2020, statewide election, within the meaning of Section 25 of Proposition 24.