Here are several pieces of recently passed legislation and measures that survived either the truncated session or the Nov. 3 general election and could have an impact for IT companies and the entities that do business with them:
- Gov. Gavin Newsom signed Assembly Bill 904, from Assemblymember Ed Chau, D-Monterey Park, a member of the California Legislative Technology and Innovation Caucus, and it takes effect Jan. 1. It’s an attempt to clarify and modernize the definition of a tracking device and how law enforcement may make use of it. The bill comes after a U.S. Supreme Court ruling that law enforcement’s use of cellphone location information “is an invasion of personal privacy, which requires the granting of a search warrant.” The bill enlarges the definition of a tracking device from an “electronic or mechanical device that permits the tracking of the movement of a person or object” to include “any software that permits the tracking of the movement of a person or object.” Chau has emphasized the importance of California staying ahead as the tech landscape evolves and maintaining “the lead in protecting our residents against unlawful search and seizure.”
- Voters approved Proposition 24, the California Privacy Rights Act (CPRA), and most of the ballot measure will take effect Jan. 1, 2023. A successor aimed at strengthening the 2018 California Consumer Privacy Act, the CPRA takes aim at consumer rights, plainly stating it “should adjust to technological changes, help consumers exercise their rights, and assist businesses with compliance, with the continuing goal of strengthening consumer privacy.” Among its provisions, it gives consumers the right to ask businesses to delete any personal information they have collected on them — and mandates that those businesses disclose this right. The proposition defines certain personal data as sensitive, including Social Security numbers, account logins with passwords, and health data, and consumers can order businesses to limit use of such sensitive personal data. Consumers can also require businesses to correct the personal information they possess. The act also created the California Privacy Protection Agency (CPPA) to enforce consumer privacy laws, and the California Secretary of State’s Office pointed out that the act also provides at least $10 million a year in General Fund monies “to support increased state costs for CPPA operations.” Unlike some portions of the act, the agency will get underway immediately.
- State Senate Bill 588, from state Sen. Bob Archuleta, D-Pico Rivera, holds contractors’ — including IT vendors’ — feet to the fire on hiring and paying subcontractors. State law requires that at least 3 percent of contracts go to disabled veteran business enterprises (DVBEs). SB 588 “applies to contracts where the prime contractor made a commitment to use a DVBE subcontractor,” said Matt Bender, acting deputy director of the Office of Legislative Affairs in the California Department of General Services. It builds on existing law requiring contractors to certify the actual amount they paid subs, and that all payments were made. The bill, which Newsom signed in September, requires the state to hold back $10,000 from its final payment to a contractor until it provides the certification.
“This bill isn’t specific to IT; it applies to all kinds of contracts, so if your firm competes for non-IT services contracts, it could apply to those contracts, too,” Bender said at the recent California Department of Technology Vendor Forum. Mike Hewitt, president of CalDorado Group, told Techwire the bill’s impact will depend on the contract size, and “should be a percentage versus a flat fee.”
“I have also noticed that a number of RFOs (Requests for Offer) have gone out this year where the DVBE requirement is waived, so it seems like this could be perceived as being selectively applied,” Hewitt said via email.
