Information Practices Act of 1977.
- Expands California's privacy law to cover local government agencies previously exempt from data protection rules.
- Requires agencies to notify residents promptly when their personal data is breached or compromised.
- Makes both intentional and negligent privacy violations by government employees grounds for termination.
- Criminalizes unauthorized disclosure of medical records regardless of whether harm occurred.
Assembly Member Ward's comprehensive overhaul of California's Information Practices Act extends privacy requirements to local agencies while strengthening data protection standards across government entities. The legislation removes existing exemptions for counties, cities, school districts, and other local public agencies, subjecting them to the same personal information handling requirements as state agencies.
The bill establishes more rigorous protocols for data management and disclosure. Agencies must maintain detailed records of information sources, implement specific notification requirements for data collection, and follow strict guidelines for sharing personal information. The legislation also mandates that agencies establish rules of conduct for personnel handling personal information, aligned with state administrative manuals, and restricts data usage to originally stated purposes unless otherwise required by law.
New provisions enhance breach notification requirements, requiring agencies to promptly inform affected individuals when unencrypted personal information is compromised. The bill outlines specific content and format requirements for these notifications, including mandatory reporting to the Attorney General for breaches affecting more than 500 California residents. Personal information covered under these provisions encompasses various data types, from social security numbers to biometric data and genetic information.
The legislation strengthens enforcement mechanisms by making both intentional and negligent violations of the Act grounds for employee discipline. It also modifies criminal penalties for unauthorized disclosure of medical, psychiatric, or psychological information, removing the requirement that such disclosure must result in economic loss or personal injury to constitute a misdemeanor. These changes create a more comprehensive framework for protecting personal information while maintaining necessary access for legitimate governmental purposes.
This bill was recently introduced. Email the authors to let them know what you think about it.
Introduced By
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 12 | 0 | 3 | 15 | PASS |
 Jacqui IrwinD Assembly Member | Committee Member |  Not Contacted | |
 Rebecca Bauer-KahanD Assembly Member | Committee Member | Not Contacted | |
 Cottie Petrie-NorrisD Assembly Member | Committee Member | Not Contacted | |
 Buffy WicksD Assembly Member | Committee Member | Not Contacted | |
 Chris WardD Assembly Member | Bill Author | Not Contacted |
- Expands California's privacy law to cover local government agencies previously exempt from data protection rules.
- Requires agencies to notify residents promptly when their personal data is breached or compromised.
- Makes both intentional and negligent privacy violations by government employees grounds for termination.
- Criminalizes unauthorized disclosure of medical records regardless of whether harm occurred.
This bill was recently introduced. Email the authors to let them know what you think about it.
Introduced By
Assembly Member Ward's comprehensive overhaul of California's Information Practices Act extends privacy requirements to local agencies while strengthening data protection standards across government entities. The legislation removes existing exemptions for counties, cities, school districts, and other local public agencies, subjecting them to the same personal information handling requirements as state agencies.
The bill establishes more rigorous protocols for data management and disclosure. Agencies must maintain detailed records of information sources, implement specific notification requirements for data collection, and follow strict guidelines for sharing personal information. The legislation also mandates that agencies establish rules of conduct for personnel handling personal information, aligned with state administrative manuals, and restricts data usage to originally stated purposes unless otherwise required by law.
New provisions enhance breach notification requirements, requiring agencies to promptly inform affected individuals when unencrypted personal information is compromised. The bill outlines specific content and format requirements for these notifications, including mandatory reporting to the Attorney General for breaches affecting more than 500 California residents. Personal information covered under these provisions encompasses various data types, from social security numbers to biometric data and genetic information.
The legislation strengthens enforcement mechanisms by making both intentional and negligent violations of the Act grounds for employee discipline. It also modifies criminal penalties for unauthorized disclosure of medical, psychiatric, or psychological information, removing the requirement that such disclosure must result in economic loss or personal injury to constitute a misdemeanor. These changes create a more comprehensive framework for protecting personal information while maintaining necessary access for legitimate governmental purposes.
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 12 | 0 | 3 | 15 | PASS |
Jacqui IrwinD Assembly Member | Committee Member | Not Contacted | |
Rebecca Bauer-KahanD Assembly Member | Committee Member | Not Contacted | |
Cottie Petrie-NorrisD Assembly Member | Committee Member | Not Contacted | |
Buffy WicksD Assembly Member | Committee Member | Not Contacted | |
Chris WardD Assembly Member | Bill Author | Not Contacted |