Skip to content

May 6, 2002

For More Information, Contact:
Kristina Loquist at (916) 651-4011


SACRAMENTO – Assemblyman Joe Simitian (D-Palo Alto), Chair of the Assembly Select Committee on Privacy, announced today that his legislation to enhance online privacy protection will be heard in the Assembly Judiciary Committee on Tuesday, May 7th. 

Assembly Bill 2297 contains three key provisions: It requires all entities that collect personal information online to conspicuously post a privacy policy stating what information they collect and with whom they share the information.  It explicitly makes it unlawful for an online entity to violate its posted privacy policy.  And finally, it requires that entities must notify consumers if their information may have been compromised as the result of a breach in that entity’s security.

“Although most legitimate online businesses post privacy policies on their website, not all do.  Also, the law isn’t clear on what recourse individuals may have, if any, if somebody chooses not to honor their posted privacy commitments,” said Simitian. “Right now, the only sure method of recourse is to literally make a federal case of the matter.  This bill provides for meaningful and accessible enforcement under California Law.”

“This bill imposes common sense privacy protections that protect individuals’ reasonable expectation of privacy,” explains Francisco Lobaco, Legislative Director for the American Civil Liberties Union (ACLU).

“AB 2297 provides meaningful privacy protections that will help foster the continued growth of the internet economy,” explains Simitian, who was recently named High Tech Legislator of the Year by the American Electronics Association.  “Many consumers refuse to do business online because they have little protection against abuse,” said Simitian.  “This bill provides such protection by allowing individuals to rely on a company’s posted policy, and should provide consumers with greater comfort about doing business online.”

“My goal here is simple,” said Simitian.  “Make sure online users know what their privacy protections are.  Make sure those guarantees are honored; and when security is breached, make sure that online users know it, so they can protect themselves.”