The state of California has passed privacy and data security laws and regulations that apply across sectors. Generally, these laws apply to personal information about residents of California or activities that occur within California. Businesses operating in California must comply not only with applicable federal law, but also with relevant state privacy and security laws and regulations.

State Government Agencies

The Office assists individuals with identity theft and other privacy-related concerns, provides consumer education and information on privacy issues, coordinates with local, state and federal law enforcement on identity theft investigations, and recommends policies and practices that protect individual privacy rights.

Privacy Laws and Regulations

Constitutional Right to Privacy - California Constitution
Office of Information Security & Privacy Protection
Automobile "Black Boxes"
Bank Account Numbers, Reuse
Consumer Credit Reporting Agencies Act
California Consumer Privacy Act of 2018 (CCPA)
Court Records: Protection of Victim and Witness Information
Credit Card Address Change
Credit Card/Telephone Service Address Change
Credit Card or Check Payment
Credit Card Full Disclosure Act
Credit/Debit Card Number Truncation
Credit Card "Skimmers"
Credit Cards, Substitutes
Destruction of Customer Records
Domestic Violence Victim Privacy
Driver's License Information Confidentiality
Driver's License Information, Scanning or "Swiping"
Electronic Eavesdropping
Employment of Offenders
Fair Debt Collection Practices Act
Financial Information Privacy Act
Information Practices Act of 1977
Information-Sharing Disclosure, "Shine the Light"
Insurance Information and Privacy Protection Act
Investigative Consumer Reporting Agencies Act
Internet of Things (IoT) Security Law
Library Records, Confidentiality
Marketing to State University Alumni
Marriage Licenses, Addresses
Motor Vehicle Dealer Data Access
Public Records Act
Research Use of Personal Information
Security Breach Notice
Security of Personal Information
Social Security Number Confidentiality
Social Security Number Confidentiality in Family Court Records
Social Security Number Truncation on Pay Stubs
State Agency Privacy Policies
Supermarket Club Card Act
Telecommunications Customer Privacy
Telephone Record "Pretexting"
Veterans' Discharge Papers, Notice of Public Record Status
Voter Privacy
Warranty Cards
Wireless Network Security
Birth and Death Certificate Access
See §§ 103525, 103525.5, 103526, 103526.5, 103527, and 103528
Birth and Death Record Indices
See §§ 102230, 102231 and 102232
Legal and Civil Rights of Persons Involuntarily Detained
See § 5328
Medical Information, Collection for Direct Marketing Purposes
Medical Information Confidentiality
Mandated Blood Testing and Confidentiality to Protect Public Health
Patient Access to Health Records
Consolidation of Identity Theft Cases
Criminal Profiteering and Identity Theft
Debt Collection: Identity Theft Victim Rights, Individuals and Businesses
Document Making Devices and Identity Theft
Financial Crime Surveillance Photos and Video
Identity Theft Crime Statistics
Identity Theft: Victim Access to Records on Fraudulent Transactions or Accounts
Identity Theft
Identity Theft Conspiracy/DMV
Identity Theft: Records in "Criminal" Identity Theft
Identity Theft Victim's Rights Against Claimants
Search Warrant
Statute of Limitations
Anti-Phishing Act of 2005
Computer Spyware
Online Privacy Protection Act of 2003
Personal Information Collected on Internet
Public Officials, Online Privacy
Reproductive Health Care, Online Privacy
Spam Laws
Telemarketing: State do-not-call list
Unsolicited Cell Phone/Pager Text Ads
Cellular Telephone Number Directory
Financial Information Privacy Act
California Affiliate Sharing Rule (SB 1)

ABA v. Lockyer - On September 4, 2008, the U.S. Court of Appeals for the Ninth Circuit ruled that the affiliate sharing provision under the California Financial Information Privacy Act ("SB1") is not preempted by the FACT Act amendments to the federal FCRA. The Eastern District of California previously ruled that no portion of the SB1 affiliate sharing provision survives FACT Act preemption and even if some applications could be saved, they cannot be severed from the remainder of the statute. Reversing the district court's decision, the Ninth Circuit noted that the state legislature would prefer a narrowed version of the provision to none at all. The matter was remanded back to the trial court without instructions.