CALIFORNIA LEGISLATURE 20212022 REGULAR SESSION Assembly Bill No. 1391Introduced by Assembly Member ChauFebruary 19, 2021 An act to add Section 1724 to the Civil Code, relating to privacy. LEGISLATIVE COUNSEL'S DIGESTAB 1391, as introduced, Chau. Compromised data.Existing law, the California Consumer Privacy Act of 2018, authorizes a consumer whose nonencrypted and nonredacted personal information, as defined, is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of a business violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action, as specified.This bill would make it unlawful for a person to sell, purchase, or utilize data, as defined, that the person knows or reasonably should know is compromised data. The bill would define the term compromised data to mean data that has been obtained or accessed pursuant to the commission of a crime.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: NO Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. Section 1724 is added to the Civil Code, to read:1724. (a) As used in this section, compromised data means data, as defined in Section 502 of the Penal Code, that has been obtained or accessed pursuant to the commission of a crime.(b) It is unlawful for a person to sell, purchase, or utilize data that the person knows or reasonably should know is compromised data.
CALIFORNIA LEGISLATURE 20212022 REGULAR SESSION Assembly Bill No. 1391Introduced by Assembly Member ChauFebruary 19, 2021 An act to add Section 1724 to the Civil Code, relating to privacy. LEGISLATIVE COUNSEL'S DIGESTAB 1391, as introduced, Chau. Compromised data.Existing law, the California Consumer Privacy Act of 2018, authorizes a consumer whose nonencrypted and nonredacted personal information, as defined, is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of a business violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action, as specified.This bill would make it unlawful for a person to sell, purchase, or utilize data, as defined, that the person knows or reasonably should know is compromised data. The bill would define the term compromised data to mean data that has been obtained or accessed pursuant to the commission of a crime.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: NO Local Program: NO
CALIFORNIA LEGISLATURE 20212022 REGULAR SESSION
Assembly Bill
No. 1391
Introduced by Assembly Member ChauFebruary 19, 2021
Introduced by Assembly Member Chau
February 19, 2021
An act to add Section 1724 to the Civil Code, relating to privacy.
LEGISLATIVE COUNSEL'S DIGEST
## LEGISLATIVE COUNSEL'S DIGEST
AB 1391, as introduced, Chau. Compromised data.
Existing law, the California Consumer Privacy Act of 2018, authorizes a consumer whose nonencrypted and nonredacted personal information, as defined, is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of a business violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action, as specified.This bill would make it unlawful for a person to sell, purchase, or utilize data, as defined, that the person knows or reasonably should know is compromised data. The bill would define the term compromised data to mean data that has been obtained or accessed pursuant to the commission of a crime.
Existing law, the California Consumer Privacy Act of 2018, authorizes a consumer whose nonencrypted and nonredacted personal information, as defined, is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of a business violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action, as specified.
This bill would make it unlawful for a person to sell, purchase, or utilize data, as defined, that the person knows or reasonably should know is compromised data. The bill would define the term compromised data to mean data that has been obtained or accessed pursuant to the commission of a crime.
## Digest Key
## Bill Text
The people of the State of California do enact as follows:SECTION 1. Section 1724 is added to the Civil Code, to read:1724. (a) As used in this section, compromised data means data, as defined in Section 502 of the Penal Code, that has been obtained or accessed pursuant to the commission of a crime.(b) It is unlawful for a person to sell, purchase, or utilize data that the person knows or reasonably should know is compromised data.
The people of the State of California do enact as follows:
## The people of the State of California do enact as follows:
SECTION 1. Section 1724 is added to the Civil Code, to read:1724. (a) As used in this section, compromised data means data, as defined in Section 502 of the Penal Code, that has been obtained or accessed pursuant to the commission of a crime.(b) It is unlawful for a person to sell, purchase, or utilize data that the person knows or reasonably should know is compromised data.
SECTION 1. Section 1724 is added to the Civil Code, to read:
### SECTION 1.
1724. (a) As used in this section, compromised data means data, as defined in Section 502 of the Penal Code, that has been obtained or accessed pursuant to the commission of a crime.(b) It is unlawful for a person to sell, purchase, or utilize data that the person knows or reasonably should know is compromised data.
1724. (a) As used in this section, compromised data means data, as defined in Section 502 of the Penal Code, that has been obtained or accessed pursuant to the commission of a crime.(b) It is unlawful for a person to sell, purchase, or utilize data that the person knows or reasonably should know is compromised data.
1724. (a) As used in this section, compromised data means data, as defined in Section 502 of the Penal Code, that has been obtained or accessed pursuant to the commission of a crime.(b) It is unlawful for a person to sell, purchase, or utilize data that the person knows or reasonably should know is compromised data.
1724. (a) As used in this section, compromised data means data, as defined in Section 502 of the Penal Code, that has been obtained or accessed pursuant to the commission of a crime.
(b) It is unlawful for a person to sell, purchase, or utilize data that the person knows or reasonably should know is compromised data.