Biometrics Advocacy Report
Volume II • Number 20 • Friday, December 1, 2000
In Cutting-Edge California,
Thanks in Part to Advice and Counsel from IBIA, the Governor Signs Six Privacy Protection Bills into Law that Pose Little or No Threat to Biometrics and Largely Comport with IBIA’s Privacy Principles
For decades, California has been the national pacesetter in enacting legislation that addresses new-found public issues. What California decides to legislate is a reliable leading indicator of what the other 49 states and Congress itself will legislate. In the recent past, California legislators of both parties have proposed tough restrictions on biometric technologies in the name of protecting privacy. Working through allies, particularly in the banking and retail industries, IBIA has urged sense and moderation upon Sacramento by making the case that biometrics, by their nature, protect rather than erode privacy and are powerful means to stop identity theft. The result is that misguided proposals to ban or marginalize biometrics now appear less frequently on the legislative radar screen in Sacramento. Instead, California has recently chosen to enact new laws that address privacy protection and identity theft in systemic and, on the whole, desirable ways. Specifically, on October 30, Governor Gray Davis signed into law the following six bills.
"Personal Information: Collection and Disclosure." Sponsored originally by Senator Steve Peace (D., El Cajon), this law creates no new rules to protect privacy but rather establishes an agency to inform citizens about options they may choose under current law to secure personal privacy. It creates a statewide Office of Privacy Protection in the California Department of Consumer Affairs. The Office is meant to be a central clearinghouse where consumers can file complaints alleging violation of their privacy, and secure information and advice about means to resolve disputes about invasion of their privacy.
"Customer Records: Personal Information Disposal." Sponsored originally by Assemblyman Howard Wayne (D., San Diego), this measure requires business enterprises to regularly weed out and destroy customer records containing personal information by shredding them, erasing them, or making them unreadable. The law defines personal information as "any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information." This definition does not specify biometric data as "personal information," but IBIA will monitor implementation of the law to make sure California clearly distinguishes between personal information and biometric templates, which cannot be reverse-engineered to disclose personal information. The law authorizes consumers to file lawsuits for civil damages against businesses that fail to comply with the statute.
"Credit Cards: Marketing Information." Sponsored originally by Assemblyman Mike Machado (D., Linden), this measure requires credit card companies to give consumers an opportunity each year to "opt out" of having personal information disclosed to third parties for marketing purposes. To comply, credit card issuers must offer consumers two ways to "say no" to disclosure. To opt out, consumers may either complete and mail in a preprinted form or make a toll-free phone call. The law defines marketing information as "the categorization of cardholders compiled by a credit card issuer, based on a cardholder's shopping patterns, spending history, or behavioral characteristics derived from account activity which is provided to a marketer of goods for consideration." The law specifically says that marketing information does not include "fraud prevention," a distinction that, properly interpreted, would certainly include biometric technologies. The law appears to be in concert with IBIA’s Privacy Principles, which are posted on this website.
"Consumer Credit." Sponsored originally by Senator Byron Sher (D., Palo Alto), this statute prohibits consumer credit reporting agencies from including medical information (provided for insurance purposes) in a consumer credit report. The law appears to have no direct impact on the biometric industry.
"Identity Theft: Remedies." Sponsored originally by Assemblywoman Susan Davis (D., San Diego), this law is intended to give victims of identity theft the means to seek immediate help from state courts in order to clear their names, expunge liability, and restore their identities. IBIA believes this measure is desirable.
"Identity Theft: Database." Sponsored originally by Assemblyman Tom Torlakson (D, Antioch), this law authorizes a means for victims of identity theft, assisted by law enforcement officials, to access a statewide database that documents crimes of identity theft. IBIA likewise believes this measure to be desirable.
All things considered, effective advocacy in Sacramento clearly has served the biometric industry well thus far. IBIA will remain alert in future to any threat of wrongheaded regulation of biometrics in the seminal state of California.
ibia.org
steve |
