E-Privacy Measures Head to California Senate

California State Senator Debra Bowen aims to protect consumers’ privacy with two measures headed for the Senate floor.

Two privacy measures authored by Bowen (D-Redondo Beach) passed the Senate Appropriations Committee on Thursday and could be voted on by the full Senate next week.

One measure, SB 1841, would apply the same privacy protections Californians already have when using their office telephones to e-mail and other electronic communications.

SB 1841 requires employers to give employees a one-time written notice if they plan to read e-mail, track Internet use or use other electronic devices to monitor employees on or off the job. The bill requires employers to explain what will be monitored, such as employee e-mail content or location based on a GPS-chipped cell phone or car. It doesn’t require employers to tell employees each time they’re about to read an e-mail or check an employee’s whereabouts.

“Just because your boss owns the computers and pays for the Internet access
doesn’t mean he should have the right to spy on you without telling you, any
more than owning the telephone and paying the phone bill allows him to
monitor or record your personal phone conversations without letting you
know,” Bowen said in a statement. “This doesn’t prevent a company from
monitoring its employees or from firing people who misuse company equipment.
It just says if you monitor workers, at least tell them about it.”

California law sets rules about how employers can
monitor their employee’s telephone use at work, but it doesn’t cover
computer use. Bowen cited surveys showing that more than half of U.S. companies engage in some form of e-mail monitoring. “More and more businesses are buying cheap, off-the-shelf spyware to track their employees’ every click and keystroke,” her statement said.

Bowen authored three similar e-mail privacy bills in 1999, 2000, and 2001. All were vetoed. Bowen is a fierce advocate for privacy. She authored another bill setting standards for collecting information via RFID and called the CAN-SPAM act a “turkey.”

SB 1279, the other bill clearing committee on Thursday, aims to close a loophole in the state’s security breach laws. It was inspired in part by two different incidents in January 2004.

In one, Bank of America inadvertently mailed 3,800 tax forms containing people’s financial information and their Social Security numbers to the wrong recipients. In the second case, hackers broke into the computer system of the California Employment Development Department. The system held the personal information of about 90,000 people, although it was not known whether any personal information was taken.

Current law requires companies and government agencies whose computer systems are hacked into to inform people that their personal information might have been stolen. But the law is silent in cases where sensitive personal information printed on paper gets into the wrong hands, as happened with Bank of America’s mailing error. SB 1279 expands current law to require government agencies and businesses to notify people any time their personal information is exposed.

Companies don’t have to say word one if they intentionally or inadvertently hand out your information to a perfect stranger, according to Bowen’s statement. “That’s a loophole that needs to be closed.”