On the last day of its legislative session Sept. 12, the California Senate gave final approval to two state privacy bills that, thanks to amendments, will have minimal effect on most direct marketers.
The first was S.B. 27, which was amended and passed Sept. 8 in the Assembly by a 75-2 vote. The bill, dubbed “Shine the Light” and introduced late last year, had passed the state Senate 26-13 on May 29. It was working its way through the Assembly since June and had been defeated 38-12 on Aug. 21, though 30 members did not vote.
As introduced by state Sen. Liz Figueroa, the bill would have required companies to keep records of all customer data that is shared with third parties offline or online for direct marketing purposes. It also would have required companies to provide a consumer with all the data that was shared and the names of the third-party data users within 30 days of a request by the consumer. It would affect any company doing business in California.
Under the amended bill, if a business has a privacy policy that gives consumers a choice not to have their personal information disclosed to third parties for marketing purposes, then it does not need to provide the consumer with the details of what data has been shared and with whom. In that case, it must notify the consumer of his ability to opt out for free.
The Senate approved the bill 26-11. If signed by Gov. Gray Davis, it would take effect Jan. 1, 2005.
The other privacy bill that passed Friday was S.B. 590, from state Sen. Jackie Speier. It would prohibit marketers from requiring customers to provide personal information irrelevant to the completion of a transaction. It also would require that businesses sharing customer data with third parties give consumers notice and the choice to opt out.
The bill was introduced Feb. 20 and passed in the Senate on May 12. Before an amendment was added in the Assembly, the bill prohibited all sharing of consumer data except for the completion of transactions.
The California Senate passed the amended bill 25-12 and sent it to Davis.
It is unclear what the governor’s position is on either amended bill.
The good news for most direct marketers is that based on the contents of the Direct Marketing Association’s Privacy Promise, which took effect July 1, 1999, all member companies should already be in compliance with S.B. 27 and S.B. 590. Under the Privacy Promise, DMA members must:
* Provide customers with annual notice of their ability to opt out of information exchanges.
* Honor customer opt-out requests not to have their contact information transferred to others for marketing purposes.
* Accept and maintain consumer requests to be on an in-house suppress file to stop receiving solicitations from your company.
* Use the DMA Preference Service suppression files for mail, telephone and e-mail lists.
If a DMA member does not follow the Privacy Promise, it faces censure, suspension or expulsion.
The Senate also passed S.B. 186, an anti-spam bill that bans the sending of unsolicited bulk commercial e-mail. Existing law prohibits individuals or businesses doing business in the state from sending unsolicited commercial e-mail unless they offer an opt-out mechanism. Existing law also requires certain unsolicited e-mail ads to contain a heading of “ADV:” or “ADV:ADLT.”
S.B. 186 would prohibit a person or entity located in or out of California from sending any unsolicited commercial e-mail ads. It also would ban the collection of e-mail addresses or registering multiple e-mail addresses for the purpose of sending unsolicited commercial e-mails to a California e-mail address.
This bill would set penalties of $1,000 per transmitted message up to $1 million per incident, as defined.
The bill passed the Senate 29-8. It passed the Assembly Sept. 8 by a 71-7 vote.
