The following is a reprint of the full text of the bill filed by Senator Barbara Bowen in the California Legislature on February 20, 2004.
An act to add Chapter 22.7 (commencing with Section 22650) to Division 8 of the Business and Professions Code, relating to business.
LEGISLATIVE COUNSEL’S DIGEST
SB 1834, as introduced, Bowen. Radio frequency identification systems.
Existing law imposes special business regulations on various businesses. Existing law defines the term “unfair competition” and provides for the assessment of civil penalties for acts of unfair competition that may be recovered in an action brought by a governmental entity or by a person acting for the interests of itself, its members, or the general public.
This bill would require a person or entity that uses radio frequency identification (RFID) systems to comply with certain conditions, including obtaining an individual?s written consent before attaching or storing personally identifiable information with data collected via an RFID tag or before any personally identifiable information collected via an RFID system is shared with a third party. The bill would make a violation of the bill an act of unfair competition that is subject to specified enforcement provisions, including actions brought by the Attorney General or a district attorney or city attorney.
Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Chapter 22.7 (commencing with Section 22650) is added to Division 8 of the Business and Professions Code, to read:
CHAPTER 22.7. RADIO FREQUENCY IDENTIFICATION
A person or entity that uses a radio frequency identification (RFID) system that can be used to gather information about an individual shall obtain written consent from an individual before any personally identifiable information of the individual, including name, address, telephone number, or credit card number, is attached to or stored with data collected via the RFID system.
A person or entity shall obtain separate written consent from an individual before any personally identifiable information about the individual collected by an RFID system is shared with a third party.
An individual shall have the right to access his or her personally identifiable information collected through an RFID system and the opportunity to make corrections to that information.
A person or entity shall take reasonable measures to ensure that any individual data collected via an RFID system is transmitted and stored in a secure manner, and that access to the data is limited to those individuals needed to operate and maintain the RFID system.
If a retail store uses an RFID system on a consumer product, the RFID tag shall be detached or destroyed before a consumer leaves the store.
Collecting information through an RFID system that is aggregate in nature and that does not personally identify an individual is not a violation of this chapter.
A violation of this chapter is an act of unfair competition under Chapter 5 (commencing with Section 17200) of Division 7 and subject to the enforcement provisions of that chapter.