Connected devices: device protection requests.

Senator Ashby’s proposal centers a new framework for device protections that enables a survivor or a designated representative to petition an account manager to terminate or disable a perpetrator’s access to a connected device or related user account, with a clearly defined operational timeline and enforcement options. The approach also expands protective orders by incorporating internet-connected devices into the domestic violence context, ensuring device-enabled conduct can be treated within the broader safety regime.

Key provisions establish a regulatory structure for “device protection requests.” An account manager is defined as the entity that provides an internet-based or app-based user account or a manager acting on its behalf. A “connected device” is any internet-connected device that can be accessed or controlled remotely, with exclusions for peripheral components dependent on a primary device or devices older than ten years or no longer supported by the account manager. A “covered act” includes specified crimes or domestic violence-related offenses, with cross-reference to related family and penal code sections. The request must verify a covered act via a signed affidavit from a qualified provider or official records such as police reports or protective orders, confirm exclusive possession of the device, identify the device(s), and name the person whose access is to be denied. Submissions must be accepted through secure remote channels, and the process description, required documentation, and remedies must be published on the account manager’s website and mobile app. Within two business days of receiving a complete request, the account manager must either terminate or disable the perpetrator’s access or provide claro, conspicuous instructions to reset the device to a state that removes all account holders, with the reset accessible by physical proximity and not requiring the survivor to possess a credential.

Enforcement and remedies are defined to operate alongside existing laws. Civil actions may be brought by an injured party or by the state through the Attorney General, district attorneys, or city prosecutors, with courts empowered to issue injunctions and impose civil penalties up to a specified per-device amount. Penalties and other relief are allocated according to who brings the action, and prevailing plaintiffs may recover costs and attorney’s fees. The act also requires confidential handling of information submitted by survivors, disposing of such material within 90 days unless longer retention is needed to verify compliance, and prohibits disclosing data or notifying the perpetrator about termination. The chapter is severable, with explicit exemptions for entities subject to the federal Safe Connections Act and for those governed by certain vehicle-related provisions, and it clarifies that remedies are cumulative with other laws.

The bill’s amendments to the Family Code extend protective orders by recognizing internet-connected devices as a medium for coercive conduct, clarifying how device-enabled behavior fits within the scope of “disturbing the peace” and related protective orders, while preserving the availability of other remedies under the law. It also affirms that no reimbursement is required of local agencies for costs arising from these changes, consistent with the act’s broader fiscal posture. In sum, the measure creates a targeted mechanism to address technology-enabled abuse within domestic violence protections, outlining the process, verification standards, confidentiality safeguards, and civil enforcement tools available to survivors, while delineating the regulatory boundaries and interactions with existing federal and vehicle-related frameworks.