Information Practices Act of 1977.
- Expands California's Information Practices Act to cover local government agencies and strengthen privacy protections.
- Broadens the definition of personal information to include biometric, genetic, and neural data.
- Requires agencies to notify residents when their unencrypted personal data is breached.
- Makes both intentional and negligent privacy violations by agency employees grounds for termination.
Assembly Member Ward's privacy legislation expands California's Information Practices Act to encompass local government agencies and broadens protections for personal data. The bill removes existing exemptions for counties, cities, school districts and other local public agencies, requiring them to follow the same data privacy standards as state entities.
The legislation updates the definition of personal information to include modern data types like neural data, precise geolocation information, biometric identifiers, and genetic information. Agencies must limit their use of personal information to originally stated purposes unless otherwise required by law. The bill also mandates that agencies establish data handling protocols aligned with state information security standards.
Under the amended provisions, both intentional and negligent privacy violations by agency employees constitute grounds for discipline, including potential termination. The bill eliminates the requirement that unauthorized disclosures of medical, psychiatric or psychological information must result in economic loss or personal injury to be punishable as misdemeanors. Agencies must notify California residents of data breaches "in the most expedient time possible," with specific requirements for notices affecting more than 500 individuals.
The measure requires agencies to maintain detailed records of information sources and data disclosures, while establishing strict conditions under which personal information can be shared. District attorneys may petition courts to compel disclosure of information when agencies fail to respond to requests within 10 working days. The legislation includes provisions for reimbursing local agencies for state-mandated costs as determined by the Commission on State Mandates.
 Joaquin ArambulaD Assemblymember | Committee Member |  Not Contacted | |
 Buffy WicksD Assemblymember | Committee Member | Not Contacted | |
 Chris WardD Assemblymember | Bill Author | Not Contacted | |
 Lisa CalderonD Assemblymember | Committee Member | Not Contacted | |
 Mike FongD Assemblymember | Committee Member | Not Contacted |
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 12 | 0 | 3 | 15 | PASS |
- Expands California's Information Practices Act to cover local government agencies and strengthen privacy protections.
- Broadens the definition of personal information to include biometric, genetic, and neural data.
- Requires agencies to notify residents when their unencrypted personal data is breached.
- Makes both intentional and negligent privacy violations by agency employees grounds for termination.
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Assembly Member Ward's privacy legislation expands California's Information Practices Act to encompass local government agencies and broadens protections for personal data. The bill removes existing exemptions for counties, cities, school districts and other local public agencies, requiring them to follow the same data privacy standards as state entities.
The legislation updates the definition of personal information to include modern data types like neural data, precise geolocation information, biometric identifiers, and genetic information. Agencies must limit their use of personal information to originally stated purposes unless otherwise required by law. The bill also mandates that agencies establish data handling protocols aligned with state information security standards.
Under the amended provisions, both intentional and negligent privacy violations by agency employees constitute grounds for discipline, including potential termination. The bill eliminates the requirement that unauthorized disclosures of medical, psychiatric or psychological information must result in economic loss or personal injury to be punishable as misdemeanors. Agencies must notify California residents of data breaches "in the most expedient time possible," with specific requirements for notices affecting more than 500 individuals.
The measure requires agencies to maintain detailed records of information sources and data disclosures, while establishing strict conditions under which personal information can be shared. District attorneys may petition courts to compel disclosure of information when agencies fail to respond to requests within 10 working days. The legislation includes provisions for reimbursing local agencies for state-mandated costs as determined by the Commission on State Mandates.
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 12 | 0 | 3 | 15 | PASS |
Joaquin ArambulaD Assemblymember | Committee Member | Not Contacted | |
Buffy WicksD Assemblymember | Committee Member | Not Contacted | |
Chris WardD Assemblymember | Bill Author | Not Contacted | |
Lisa CalderonD Assemblymember | Committee Member | Not Contacted | |
Mike FongD Assemblymember | Committee Member | Not Contacted |