TOPSECRET

California Ballot Initiative Would Create Presumption that PII is Confidential and that Unauthorized Disclosure Causes Harm

Published On October 15, 2013 | By Mason Weisz | General, Privacy

TOPSECRETAn effort to significantly alter the privacy landscape in California has taken a step forward.  The California Secretary of State and Attorney General have given the green light to collect signatures for a ballot initiative that would amend the state’s constitution to create a presumption that personally identifiable information (“PII”) collected in a commercial or governmental context is confidential and its unauthorized disclosure causes harm:

SEC 1. Whenever a natural person supplies personally identifying information to a legal person that is engaged in collecting such information for a commercial or governmental purpose, the personally identifying information shall be presumed to be confidential and the legal person collecting such information shall use all reasonably available means to protect it from unauthorized disclosure.

SEC. 2. Harm to a natural person shall be presumed whenever his or her confidential personally identifying information has been disclosed without his or her authorization.

SEC. 3. Confidential personally identifying information may be disclosed without authorization if there is a countervailing compelling interest to do so (such as public safety or protected non-commercial free speech) and there is no reasonable alternative for accomplishing such compelling interest.

The term “personally identifying information” is defined in an extremely broad manner:

“personally identifying information” means any information which can be used to distinguish or trace a natural person’s identity, including but not limited to financial and/or health information, which is linked or linkable to a specific natural person, provided that “personally identifying information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

If this becomes law, it would remove a significant obstacle to privacy-related lawsuits that are often dismissed for lack of harm (e.g., class action lawsuits by consumers whose personal information was compromised in a data breach).  To place the initiative on a future ballot, its proponents have until February 24, 2014 to collect 807,615 signatures.

Enhanced by Zemanta

About The Author

Mason Weisz

Mason helps clients navigate a constantly shifting web of domestic and international laws regulating data collection, marketing, data sharing, computer crime, data security, electronic surveillance, online content, children’s privacy, financial privacy, information management, and other areas of privacy and Internet law. A former web designer, he has extensive experience with issues relating to digital media, new technology and e-commerce.

Comments