Information Practices Act of 1977.
- Expands state privacy laws to cover local government agencies and strengthens data protection requirements.
- Broadens the definition of personal information to include biometric, genetic, and neural data.
- Makes both intentional and negligent privacy violations grounds for employee discipline.
- Requires agencies to notify residents when their personal data is breached or compromised.
Assembly Member Ward's comprehensive overhaul of California's Information Practices Act extends privacy protections to local agencies while modernizing the definition of personal information to address contemporary data types. The legislation removes existing exemptions for counties, cities, school districts, and other local public agencies, requiring them to comply with state privacy standards for collecting, maintaining, and disclosing personal information.
The bill expands protected personal information categories to include biometric data, genetic information, precise geolocation data, neural data, and details about gender and sexual orientation. It also strengthens requirements for agencies handling personal data, prohibiting use beyond the original collection purpose unless authorized by state law. New provisions mandate that agencies maintain detailed records of information sources and implement specific security protocols when contractors process personal data.
Under the amended Act, both intentional and negligent violations can result in employee discipline, including termination. The bill removes the requirement that unauthorized disclosure of medical, psychiatric, or psychological information must result in economic loss or personal injury to constitute a misdemeanor offense. For data breaches affecting more than 500 California residents, agencies must notify the Attorney General and follow standardized notification procedures, including using plain language and specific formatting requirements to ensure affected individuals clearly understand the breach's impact and available remedies.
The legislation includes provisions for state reimbursement of certain local agency compliance costs, though expenses related to new criminal provisions or penalty changes are exempt from reimbursement. These changes reflect an effort to balance individual privacy rights with public access to government information while accounting for technological advances in data collection and processing.
 Anna CaballeroD Senator | Committee Member |  Not Contacted | |
 Roger NielloR Senator | Committee Member | Not Contacted | |
 Benjamin AllenD Senator | Committee Member | Not Contacted | |
 Eloise ReyesD Senator | Committee Member | Not Contacted | |
 Scott WienerD Senator | Committee Member | Not Contacted |
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 64 | 0 | 15 | 79 | PASS |
- Expands state privacy laws to cover local government agencies and strengthens data protection requirements.
- Broadens the definition of personal information to include biometric, genetic, and neural data.
- Makes both intentional and negligent privacy violations grounds for employee discipline.
- Requires agencies to notify residents when their personal data is breached or compromised.
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Assembly Member Ward's comprehensive overhaul of California's Information Practices Act extends privacy protections to local agencies while modernizing the definition of personal information to address contemporary data types. The legislation removes existing exemptions for counties, cities, school districts, and other local public agencies, requiring them to comply with state privacy standards for collecting, maintaining, and disclosing personal information.
The bill expands protected personal information categories to include biometric data, genetic information, precise geolocation data, neural data, and details about gender and sexual orientation. It also strengthens requirements for agencies handling personal data, prohibiting use beyond the original collection purpose unless authorized by state law. New provisions mandate that agencies maintain detailed records of information sources and implement specific security protocols when contractors process personal data.
Under the amended Act, both intentional and negligent violations can result in employee discipline, including termination. The bill removes the requirement that unauthorized disclosure of medical, psychiatric, or psychological information must result in economic loss or personal injury to constitute a misdemeanor offense. For data breaches affecting more than 500 California residents, agencies must notify the Attorney General and follow standardized notification procedures, including using plain language and specific formatting requirements to ensure affected individuals clearly understand the breach's impact and available remedies.
The legislation includes provisions for state reimbursement of certain local agency compliance costs, though expenses related to new criminal provisions or penalty changes are exempt from reimbursement. These changes reflect an effort to balance individual privacy rights with public access to government information while accounting for technological advances in data collection and processing.
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 64 | 0 | 15 | 79 | PASS |
Anna CaballeroD Senator | Committee Member | Not Contacted | |
Roger NielloR Senator | Committee Member | Not Contacted | |
Benjamin AllenD Senator | Committee Member | Not Contacted | |
Eloise ReyesD Senator | Committee Member | Not Contacted | |
Scott WienerD Senator | Committee Member | Not Contacted |