Effective Date: February 3rd, 2019
This privacy notice discloses the privacy practices for Rhapsodic Global and our website; http://RhapsodicGlobal.org. This privacy notice applies solely to information collected by this website, except where stated otherwise. It will notify you of the following:
What information we collect;
With whom it is shared;
How it can be corrected;
How it is secured;
How policy changes will be communicated; and
How to address concerns over misuse of personal data.
Information Collection, Use, and Sharing
We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.
We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g., to ship an order.
Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number provided on our website:
See what data we have about you, if any.
Change/correct any data we have about you.
Have us delete any data we have about you.
Express any concern you have about our use of your data
In order to use this website, a user must first complete the registration form. During registration a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our site in which you have expressed interest. At your option, you may also provide demographic information (such as gender or age) about yourself, but it is not required.
We request information from you on our order form. To buy from us, you must provide contact information (like name and shipping address) and financial information (like credit card number, expiration date). This information is used for billing purposes and to fill your orders. If we have trouble processing an order, we'll use this information to contact you.
We do not share aggregated demographic information with any third party advertisers. This is not linked to any personal information that can identify any individual person, which we also do not share with any third party advertisers.
We may use an outside shipping company to ship orders, and a credit card processing company to bill users for goods and services. These companies do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your order.
We partner with another party to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for "https" at the beginning of the address of the web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g. billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.
We use "cookies" on this site. A cookie is a piece of data stored on a site visitor's hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance their experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.
This web site contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.
Surveys & Contests
From time-to-time our site requests information via surveys or contests. Participation in these surveys or contests is completely voluntary and you may choose whether or not to participate and therefore disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site.
Notification of Changes
Whenever material changes are made to the privacy notice, we will notify those who have opted into receiving notification via email.
General Objective Regarding User Privacy
Other Provisions as Required by Law
California Constitution, Article 1, section 1.The state Constitution gives each citizen an "inalienable right" to pursue and obtain “privacy.”
California Law - General Privacy Laws
Automated License Plate Recognition Systems - California Civil Code §§ 1798.90.5-1798.90.55, 1798.29, 1798.82. This law regulates the privacy and usage of data collected by automated license plate recognition (ALPR) systems. It prohibits public agencies from selling or sharing the information except to another public agency, and imposes security and other requirements on system operators and on users of data from ALPR systems.
Automobile "Black Boxes" - California Vehicle Code section 9951. This law requires automobile manufacturers that install "event data recorders" in vehicles to disclose that fact in the owner's manual. It also limits the retrieval and use of data from such a device to the vehicle owner or others permitted by the owner, in response to a court order, for the purpose of improving vehicle safety, or for servicing or repairing the vehicle. Data retrieved for improving vehicle safety may not be released for any other purpose and must not reveal the owner's identity if shared with other vehicle safety organizations. Subscription services that install such devices must disclose the device's function in the subscription service agreement. Effective for vehicles manufactured after 7/1/04.
Bank Account Numbers, Reuse - California Financial Code section 4100. This law prohibits a depository institution, as defined, from using an account number previously held by a different customer until three years after the account was closed. Takes effect July 1, 2006.
California Electronic Communications Privacy Act (CalECPA) - Penal Code section 1546 et seq. This law generally requires government entities to obtain a search warrant before accessing data on an electronic device or from an online service provider.
Computer Misuse and Abuse: Criminal Sanctions - California Penal Code section 502. In general, this section makes it a crime to knowingly access and, without permission, use, misuse, abuse, damage, contaminate, disrupt or destroy a computer, computer system, computer network, computer service, computer data or computer program. Depending on the particular violation, this section can support a variety of fines and imprisonment in criminal actions as well as remedies recoverable in civil actions.
Connected Televisions - Business & Professions Code sections 22948.20-22948.25. This law prohibits the operation of a voice recognition feature in an Internet-connected television without first prominently informing the user of the feature. It also prohibits the use or sale for advertising purposes of recordings of spoken words and conversations captured by a connected television for improving its voice recognition feature.
Consumer Credit Reporting Agencies Act - California Civil Code sections 1785.1-1785.36. This law, the state counterpart of the federal Fair Credit Reporting Act, regulates consumer credit reporting agencies. It requires them, among other things, 1) to provide free copies of credit reports to consumers who have been denied credit or who are identity theft victims, 2) to block information that appears on a report as the result of identity theft, 3) to place security alerts or freezes on the files of consumers who request them,including freezes on the files of children under the age of 16 upon the request of an authorized representative,and 4) to provide, for a reasonable fee, credit score information to consumers who request it. The law provides consumer credit reporting agencies with specific permission for the disclosure of public record information lawfully obtained from an open public record, to the extent otherwise permitted by law. It also prohibits the use of consumer credit reports for employment purposes, with certain exceptions. *
1785.1 - 1785.6Chapter 1. General Provisions1785.10 - 1785.19.5Chapter 2. Obligations of Consumer Credit Reporting Agencies1785.20 - 1785.22Chapter 3. Requirements on Users of Consumer Credit Reports1785.25 - 1785.26Chapter 3.5. Obligations of Furnishers of Credit Information1785.30 - 1785.36Chapter 4. Remedies
Court Records: Protection of Victim and Witness Information - California Penal Code section 964. This law requires the district attorney and the courts in each county to establish a procedure to protect confidential personal information regarding any witness or victim contained in a police report, arrest report, or investigative report submitted to a court by a prosecutor in support of a criminal complaint, indictment, or information, or by a prosecutor or law enforcement officer in support of a search warrant or an arrest warrant.
Credit Card Address Change - California Civil Code section 1747.06. This law requires a credit card issuer that receives an application with a different address in response to a mailed unsolicited offer to verify the change of address. It also requires a credit card issuer that receives a request for an address change and within 10 days a request for an additional credit card to verify the change of address before mailing or activating the additional credit card. *
Credit Card/Telephone Service Address Change - California Civil Code section 1799.1b. This law requires a credit card issuer or telephone company that gets a request for a change of address on an account and then within a specified period receives a request for a new credit card or service to notify the consumer at the former address of record. *
Credit Card or Check Payment - California Civil Code sections 1725 and 1747.08. Any person accepting a check in payment for most goods or services at retail is prohibited from recording a purchaser's credit card number or requiring that a credit card be shown as a condition of accepting the check (Section 1725). Any person accepting a credit card in payment for most goods or services is prohibited from writing the collecting and recording cardholder's personal information on forms associated with the transaction. The law explicitly allows the collection of a zip code in a sales transaction at a gas pump or an automated cashier in a gas station and limits the use of the zip code information to the prevention of fraud. (Section 1747.08).
Credit Card Full Disclosure Act - California Civil Code sections 1748.10 - 1748.14. Allows credit card holders to opt-out of having their marketing information disclosed by credit card companies. Credit card issuers are also required to provide cardholders with a written notice of their right to prohibit the disclosure of their marketing information to marketers who disclose the cardholder's identity. This written notice must include both a preprinted form and a toll-free number which cardholders can use to exercise this right.
Credit/Debit Card Number Truncation - California Civil Code section 1747.09. No more than the last five digits of a credit card or debit card number may be printed on the customer copy of electronically printed receipts. *
Credit Card "Skimmers" - California Penal Code section 502.6. The knowing and willful possession or use, with the intent to defraud, of a device designed to scan or re-encode information from or to the magnetic strip of a payment card (a "skimmer") is punishable as a misdemeanor. The devices owned by the defendant and possessed or used in violation may be destroyed and various other computer equipment used to store illegally obtained data may be seized.
Credit Cards, Substitutes - California Civil Code section 1747.05. A credit card issuer that issues a substitute credit card must provide an activation process where consumers are required to contact the card issuer to activate the credit card before it can be used.
Customer Electrical and Natural Gas Usage Data - California Civil Code sections 1798.98-1798.99.This law extends many of the consumer privacy protections that apply to customer usage data maintained by electric and gas utilities to other third-party businesses that may handle the customer usage data. It prohibits sharing, disclosing, or otherwise making customer usage data accessible to any third party without the customer’s express content. It requires conspicuous disclosure of with whom such data will be shared and how it will be used. It requires businesses, among other things, to implement and maintain reasonable security to protect the data from unauthorized disclosure.
Data Breach Notice - California Civil Code sections 1798.29 and 1798.82. This law requires a business or a government agency that owns or licenses unencrypted computerized data that includes personal information, as defined, to notify any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The type of information that triggers the notice requirement is 1) an individual's name plus one or more of the following: Social Security number, driver's license or California Identification Card number, financial account numbers, medical information, health insurance, or information collected through an automated license plate recognition system; or 2)user ID and password or other specified credentials permitting access to online accounts. The notice must contain specific information, and it must use a title and headings, as specified. Any agency, person, or business that is required to issue a breach notice to more than 500 California residents must electronically submit a single sample copy to the Attorney General.
Disposal of Customer Records - California Civil Code sections 1798.80 - 1798.81 and 1798.84. These sections require businesses to shred, erase or otherwise modify the personal information when disposing of customer records under their control. It provides a "safe harbor" from civil litigation for a business that has come into possession of records containing personal information that were abandoned, so long as the business disposes of them as provided in the statute. *
Domestic Violence Victim Privacy - California Civil Code section 1798.79.8 This law prohibits a domestic violence victim service provider from being required to reveal the personally identifying information of its clients or potential clients as a part of applying for or receiving grants or financial assistance for its services. It defines "victim service provider" to mean a non-governmental organization that provides shelter or services to victims of domestic violence.
Driver's License Information Confidentiality - California Vehicle Code sections 1808-1821. This law puts limits on disclosures of personal information in records maintained by the DMV.
Driver's License Information, Scanning or "Swiping" - California Civil Code section 1798.90.1. Prohibits bars, car dealers and others from collecting information by swiping driver's license for any purposes other than verifying age or authenticity of the license, check verification or when legally required.
Eavesdropping or Skimming RFID - California Civil Code section 1798.79 and following. This law makes it a misdemeanor to intentionally remotely read or attempt to read another person's identification document that uses radio frequency identification (RFID), without the person's knowledge or consent. It also makes it a misdemeanor to reveal the operational system keys used in a contactless identification document. Both crimes are punishable by a jail term of up to one year and/or a fine of up to $1,500.
Electronic Eavesdropping - California Penal Code sections 630-638. Among other things, this law prohibits, with exceptions, electronic eavesdropping on or recording of private communications by telephone, radio telephone, cellular radio telephone, cable or any other device or in any other manner. Violation can result in penalties of up to $10,000 and imprisonment in county jail or state prison for up to one year (sections 631-632.7). It prohibits cable TV and satellite TV operators from monitoring or recording conversations in a subscriber's residence, or from sharing individually identifiable information on subscriber viewing habits or other personal information without written consent (section 637.5).
Electronic Eavesdropping by State Law Enforcement Officials - California Penal Code sections 629.50-629.98. With the approval of a Superior Court judge, specified law enforcement officials can intercept specifically described wire, electronic pager, or electronic cellular telephone communications. The law prescribes a procedure that requires officials to present to a Superior Court judge requests for authority to record, catalogue, maintain and report about recordings of all communications intercepted (except legally privileged communications). The law also requires authorities to notify the parties to such intercepted communications about the facts of the wiretapping activities, no later than 90 days after the termination of the activities or after the denial of an application seeking wiretapping authority. This chapter shall remain in effect only until January 1, 2015, and as of that date is repealed.
Electronic Surveillance in Rental Cars - California Civil Code section 1939.23. This law prohibits vehicle rental companies from using, accessing, or obtaining information relating to a renter's use of a rental vehicle obtained using onboard electronic surveillance technology, except in limited circumstances. It requires rental companies to obtain a renter's consent before using or disclosing information about the renter's use of the vehicle.
Employment Background Checks: Expunged Records - California Labor Code § 432.7. This law prohibits employers from asking job applicants about or using as a factor in employment decisions information about criminal records that have been expunged, sealed or dismissed.
Employment of Offenders - California Penal Code section 4017.1 and Penal Code section 5071 and California Welfare and Institutions Code section 219.5. Prison and county jail inmates may not have jobs that give them access to personal information. The same prohibitions apply to offenders performing community service in lieu of a fine or custody.
Fair Debt Collection Practices Act, California Civil Code Sections 1788 - 1788.33. This law prohibits debt collectors from engaging in unfair or deceptive acts or practices in the collection of consumer debts and requires debtors to act fairly in entering into and honoring such debts. It also requires a collector to stop collection when an alleged debtor furnishes a police report of identity theft and other information. Before resuming collection, the collector, must make a good faith determination that the information does not establish that the consumer is not responsible for the debt.
1788-1788.3Article 1. General Provisions1788.10-1788.18Article 2. Debt Collector Responsibilities1788.20-1788.22Article 3. Debtor Responsibilities1788.30-1788.33Article 4. Enforcement
Financial Information Privacy Act, California - Financial Code sections 4050 - 4060. This law prohibits financial institutions from sharing or selling personally identifiable nonpublic information without obtaining a consumer's consent, as provided. It provides for a plain-language notice of the privacy rights it confers. The law requires that (1) a consumer must "opt in" before a financial institution may share personal information with an unaffiliated third party, (2) consumers be given an opportunity to "opt out" of sharing with a financial institution's financial marketing partners, and (3) consumers be given the opportunity to "opt out" of sharing with a financial institution's affiliates, with some exceptions. When an affiliate is wholly owned, in the same line of business, subject to the same functional regulator and operates under the same brand name, an institution may share its customers' personal information with the affiliate without providing an opt-out right. *
Fourth Amendment Protection Act - California Government Code section 7599. This law prohibits the state of California from providing federal agencies with electronically stored information or metadata on any person if the state has actual knowledge that the federal request constitutes an illegal collection of that stored information or metadata.
Identification Devices, Prohibition on Bodily Implanting - California Civil Code section 52.7. This law prohibits a person from requiring, coercing, or compelling any other individual to undergo the subcutaneous implanting of an identification device. The law specifically requires that it be liberally construed to protect privacy and bodily integrity. The law also provides for the assessment of civil penalties for violation, as specified, and allows an aggrieved party to bring an action for damages and injunctive relief, subject to a 3-year statute of limitation, or as otherwise provided.
Information Practices Act of 1977 - California Civil Code section 1798 and following. This law applies to state government. It expands upon the constitutional guarantee of privacy by providing limits on the collection, management and dissemination of personal information by state agencies.
1798-1798.1Article 1. General Provisions and Legislative Findings1798.3Article 2. Definitions1798.14-1798.23Article 5. Agency Requirements1798.24-1798.24bArticle 6. Conditions of Disclosure1798.25-1798.29Article 7. Accounting of Disclosures1798.30-1798.44Article 8. Access to Records and Administrative Remedies1798.45-1798.53Article 9. Civil Remedies1798.55-1798.57Article 10. Penalties1798.60-1798.69Article 11. Miscellaneous Provisions1798.70-1798.78Article 12. Construction with Other Laws
Information-Sharing Disclosure, "Shine the Light" - California Civil Code sections 1798.83-1798.84. This law lets consumers learn how their personal information is shared by companies for marketing purposes and encourages businesses to let their customers opt-out of such information sharing. In response to a customer request, a business must provide either: 1) a list of the categories of personal information disclosed to other companies for their marketing purposes during the preceding calendar year, with the names and addresses of those companies, OR 2) a privacy statement giving the customer a cost-free opportunity to opt-out of such information sharing. Financial services companies subject to the California Financial Information Privacy Act are exempted from this law. See the Recommended Practices, pdf in relation to this law.
Insurance Information and Privacy Protection Act - California Insurance Code section 791 and following. This law sets standards for the collection, use and disclosure of personal information gathered in connection with insurance transactions by insurance companies, agents or insurance-support organizations. It generally prohibits disclosure of personal or privileged information collected or received in connection with an insurance transaction unless the disclosure (1) is authorized in writing by the individual or (2) is necessary for conducting business. The individual must be given an opportunity to opt-out of disclosure for marketing purposes.
Investigative Consumer Reporting Agencies Act - California Civil Code sections 1786-1786.60. This law regulates the activities of those who collect and communicate information for investigative reports on consumers for third parties such as employers, insurance companies and landlords.
1786-1786.2Article 1. General Provisions1786.10-1786.40Article 2. Obligations of Investigative Consumer Reporting Agencies1786.50-1786.60Article 4. Remedies
Library Records, Confidentiality - California Government Code sections 6254, 6267 and 6276.28. Registration and circulation records, of libraries supported by public funds, are confidential and are explicitly exempted from the Public Records Act.
Chapter 3.5. Inspection of Public Records:
6250-6270Article 1. General Provisions6275-6276.48Article 2. Other Exemptions from Disclosure
Locking Mail Boxes in Residential Hotels - California Civil Code section 1941.1 and Health & Safety Code section 17958.3. Effective July 1, 2008, all residential hotels must provide each residential unit with a locking mail receptacle, acceptable for mail delivery by the U.S. Postal Service. Failure to comply is a basis for considering a residential unit untenantable. The law also authorizes cities and counties to make and enforce ordinances that provide greater protections and penalties.
Marketing to State University Alumni - California Education Code sections 89090-89090.5 & 92630. This law authorizes the alumni associations of the California State University, the University of California, and Hastings College of Law to provide the names, addresses, and e-mail addresses of alumni to certain businesses ("affinity partners") for marketing purposes, provided the associations give alumni an opportunity to opt-out of having their information shared and provided the alumni have not, while students at those institutions, opted-out of information sharing.
Marriage Licenses, Addresses - California Family Code section 351.5 This law allows the parties or witnesses to a marriage to use a business address or a post office box rather than a residential address on a marriage license and certificate of registry.
Marriage Records - California Family Code section 509, California Health and Safety Code sections 102230, 102231, 103525, 103525.5, 103526, 103526.5 and 103527. These laws establish procedures for requesting a certified copy of a birth or death records. They also provide protection of specified confidential information in these records, including in marriage records. The law also requires that non-confidential marriage files contain the names of the parties and the date of the marriage.
Motor Vehicle Dealer Data Access - California Vehicle Code section 11713.3 and 11713.25 This law prohibits auto manufacturers and distributors from accessing, modifying, or extracting information from an auto dealer's computer system without providing safeguards to protect that information. It also prohibits a computer vendor from accessing, modifying, or extracting information from an auto dealer's computer system without first obtaining the dealer's express consent and providing safeguards to protect that information.
Office of Privacy Protection - California Government Code section 11549.5. Created by a state law enacted in 2000, the Office of Privacy Protection was defunded in 2012.
OpenJustice Data Act of 2016 - Business and Professions Code section 21627, Government Code section 12525.2 (amended), Penal Code sections 13010, 13010.5, 13012, 13012.6, 13013, 13014, 13023, and 13519.4. This law requires the Department of Justice to make its mandatory criminal justice statistics reports and other information related to criminal statistics available to the public through the OpenJustice Web Portal, to be updated at least yearly. [The portal is at https://openjustice.doj.ca.gov.]
Physical & Constructive Invasions of Privacy - California Civil Code section 1708.8. This law defines physical invasion of privacy in terms of trespassing in order to capture an image, sound recording or other impression in certain circumstances. It also defines constructive invasion of privacy as attempting to capture such an impression under circumstances in which the plaintiff had a reasonable expectation of privacy.
Privacy of Customer Electrical and Natural Gas Usage Data - California Civil Code sections 1798.98-1798.99. This law requires electric and gas utilities to have a customer’s express consent before sharing that customer’s usage data with any other third-party business that may handle the data. It requires utilities to disclose with what third parties they will share the customer usage data and how they will use it. It requires businesses to implement and maintain reasonable security to protect the data from unauthorized disclosure. It also prohibits a business form offering incentives or discounts for accessing the data and provides a private right of action for damages for willful violation.
Privacy Protections for Energy Consumption Data - Public Utilities Code §§ 8380 - 8381. This law extends consumer privacy protections to electrical or gas consumption data that is part of an advanced metering infrastructure or “smart grid.” The law prohibits electrical and gas utility companies from sharing customer consumption data from the smart grid with third parties, and requires companies to use reasonable security measures to protect smart grid data.
Public Records Act - California Government Code sections 6250-6268. This law applies to state and local government. It gives members of the public a right to obtain certain described kinds of documents that are not protected from disclosure by the Constitution and other laws. This law also provides some specific privacy protections.
Public Record Exemption for Sex Offense Victims - California Government Code section 6254 and California Penal Code section 293. These laws prohibit the disclosure of the names and addresses of victims of specific sex-related crimes in documents provided in response to requests for records, including responses provided under the California Public Records Act.
Reader Privacy Act - California Civil Code sections Title 1.81.15 (commencing with section1798.90). This law protects the privacy of individuals who use the services of businesses that rent, sell, lend or otherwise offer books to the public. It requires a court order or the user's affirmative consent before such a business can disclose the personal information of its users related to their use of a book, with specified exceptions, including an imminent danger of death or serious injury.
Research Use of Personal Information - California Civil Code section 1798.24 and Welfare and Institutions Code section 10850. This law authorizes a state agency to disclose personal information for certain research purposes to the University of California or a nonprofit educational institution, but requires the agency to get the approval of the Committee for the Protection of Human Subjects for the California Health and Human Services Agency before disclosing the information. It also establishes criteria for the review and approval of the request.
Security of Personal Information - California Civil Code section 1798.81.5. This law requires specified businesses to use safeguards to ensure the security of Californians' personal information (defined as name plus SSN, driver's license/state ID, financial account number, username or email address in combination with password or security question and answer, and health insurance information) and to contractually require third parties to do the same. It does not apply to businesses that are subject to certain other information security laws.
Social Security Number Confidentiality - California Civil Code sections 1798.85 and 1798.86, 1785.11.1, and 1785.11.6. This law restricts businesses and state and local agencies from publicly posting or displaying Social Security numbers. It also bans embedding SSNs on a card or document using a bar code, chip, magnetic strip or other technology, in place of removing the number as required by law. The law takes effect gradually, from 2002 through 2007. See the Recommended Practices in relation to this law.
Social Security Number Confidentiality in Family Court Records - California Family Code section 2024.5. This law establishes a procedure for keeping SSNs confidential in court filings for legal separation, dissolution, or nullification of marriage.
Social Security Number Truncation on Pay Stubs - California Labor Code section 226. This law requires employers to print no more than the last four digits of an employee's SSN, or to use an employee ID number other than the SSN, on employee pay stubs or itemized statements. Employers must comply by January 1, 2008.
Social Security Numbers in Abstracts of Judgments, Decrees, and Tax Liens - Code of Civil Procedure section 674 and California Revenue & Taxation Code section 2191.3. These laws delete the former provisions requiring that abstracts of judgments, decrees requiring the payment of money, and tax collector liens contain the full SSN of the judgment debtor or assessee. Instead, such documents may contain only the last four digits of the SSN.
Social Security Numbers in Local Government Records and Higher Education - California Civil Code section 1798.89, Commercial Code section 9526.5, Education Code section 66018.55, and Government Code section 27300 et seq. These laws require certain state and local government agencies to truncate SSNs in documents released to the public so as to display no more than the last four digits. (1) The Franchise Tax Board must truncate SSNs in documents released to the public. (2) The Secretary of State must create versions of Uniform Commercial Code filings that contain only truncated SSNs. (3) County recorders must create versions of documents recorded back to 1980 that contain only truncated SSNs, and if authorized by boards of supervisors may levy a fee to cover the cost of truncation. Also no one may record a document containing more than the last four digits of an SSN. (4) The law states the Legislature's intent that local agencies, other than county recorders, fully redact SSNs from public records before making the records publicly available, and excludes SSNs from the information that a local agency must disclose under the Public Records Act. (5) It requires the Office of Privacy Protection to create a task force to review the use of SSNs by California colleges and universities and to recommend practices to minimize such use, with a report due to the Legislature by July 1, 2010.
State Agencies: Information Security - Government Code § 11549.3. This law requires the California Information Security Office, in the Department of Technology, to conduct or require at least 35 independent security assessments of state agencies annually.
Supermarket Club Card Act - California Civil Code section 1749.60 and following. This law prohibits supermarket club card issuers (1) from requesting driver's license numbers or Social Security numbers, and (2) from selling or sharing personal customer information; limited exemption for membership card stores.
Telecommunications Customer Privacy - California Public Utilities Code sections 2891-2894.10. This law bars telecommunications companies from disclosing the calling patterns, personal financial information or other specified personal information of residential subscribers without first getting written consent of the subscriber. There are some exceptions, including disclosure for the purpose of debt collection, for responding to a 911 call, and as required by legal process. It also requires, among other things, that telephone companies must give annual notice to subscribers that calling an 800 or 900 number may result in the disclosure of the subscriber's telephone number to the called party.
Telephone Record "Pretexting" - California Penal Code section 638 This law prohibits the purchase or sale of any telephone calling pattern record or list without the written consent of the subscriber.
Unmanned Aircraft Systems (Drones): Liability - California Civil Code section 1708.8. This law expands liability for physical invasion of privacy to include a person knowingly entering into the airspace above the land of another person without permission, as provided.
Veterans' Discharge Papers, Notice of Public Record Status - California Government Code section 27337. This law addresses the risk of identity theft created when military veterans file their DD214s, which contain their SSN, with their county recorders. It requires the recorders to give such a veteran a written form indicating that the document becomes public when it is recorded.
Voter Privacy - California Elections Code sections 2194, 8105, 8202, 8204, 2166.7 and 8023, and California Government Code 6254.24 If authorized by a local board of supervisors, a local election official must make the voter registration information of specified public safety officials confidential, upon application. The application of a public safety official for confidentiality would be a public record. The law also includes a voter's signature on a voter registration card as part of confidential voter registration information and adds state and federal judges and court commissioners to the definition of public safety officials entitled to remove their home addresses and telephone numbers from public posting on the Internet.
Warranty cards - California Civil Code section 1793.1. Product warranty cards must clearly state that the consumer is not required to return the card for the warranty to take effect.
Wireless Network Security - California Business and Professions Code sections 22948.5-22948.7 This law requires devices that include an integrated and enabled wireless access point that are manufactured on or after October 1, 2007, to include a warning that advises consumers about how to protect their personal information and mitigate unauthorized use of their Internet access, and provide other specified protection measures.
Workplace Surveillance - California Labor Code section 435. This law prohibits employers from recording an employee in a restroom or room designated for changing clothes, unless authorized by court order, subject to certain exceptions.
California Law - Health Information Privacy
Birth and Death Certificate Access - California Health and Safety Code sections 103525, 103525.5, 103526, 103526.5, 103527, and 103528. Authorization is required to obtain certified copies of the birth or death certificate of another person. State and local registrars that issue non-certified copies to non-authorized applicants must print the words "informational, not a valid document to establish identity" on the copies issued.
Birth and Death Record Indices - California Health and Safety Code sections 102230, 102231, and 102232. This law exempts specified compilations of birth and death records, called indices, from disclosure under the California Public Records Act. The State Registrar is required to establish separate non-comprehensive indices for public release, which do not contain Social Security numbers or mother's maiden names. Requesters of the indices must provide proof of identity and sign a form certifying, under penalty of perjury, that they will comply with prescribed usage guidelines.
California Health Benefit Exchange, Applicant Privacy - Government Code section 100503 This provision prohibits the California Health Benefit Exchange (CoveredCA) from disclosing any personal information that the exchange obtained from an application for health care coverage to certified insurance agents or enrollment counselors without the consent of the applicants, with exceptions.
Health Facilities Data Breach - California Health & Safety Code section 1280.15. This law requires certain health facilities to prevent unlawful or unauthorized access to, or use or disclosure of, a patient's medical information. It sets fines and notification requirements for breaches of patient medical information and requires facilities to report such breaches to the California Department of Public Health.
Legal and Civil Rights of Persons Involuntarily Detained - California Welfare & Institutions Code section 5328. This law provides for the confidentiality of the records of people who are voluntarily or involuntarily detained for psychiatric evaluation or treatment.
Medical Information, Collection for Direct Marketing Purposes - California Civil Code section 1798.91. This law prohibits a business from seeking to obtain medical information from an individual for direct marketing purposes without, (1) clearly disclosing how the information will be used and shared, and (2) getting the individual's consent.
Medical Information Confidentiality - California Civil Code sections 56-56.37. This law puts limits on the disclosure of patients' medical information by medical providers, health plans, pharmaceutical companies, and many businesses organized for the purpose of maintaining medical information. It specifically prohibits many types of marketing uses and disclosures. It requires an electronic health or medical record system to protect the integrity of electronic medical information and to automatically record and preserve any change or deletion.
Chapter 1. Definitions56-56.07Chapter 2. Disclosure of Medical Information by Providers56.10-56.16Chapter 2.5. Disclosure of Genetic Test Results By a Health Care Service Plan56.17Chapter 3. Use and Disclosure of Medical Information by Employers56.20-56.245Chapter 4. Relationship of Chapters 2 and 356.25Chapter 5. Use and Disclosure of Medical and Other Information by Third Party Administrators and Others56.26-56.265Chapter 6. Relationship to Existing Law56.27-56.31Chapter 7. Violations56.35-56.37
Mandated Blood Testing and Confidentiality to Protect Public Health - California Health & Safety Code sections 120975-121020. This law protects the privacy of individuals who are the subject of blood testing for antibodies to the probable causative agent of acquired immune deficiency syndrome (AIDS).
Office of Health Information Integrity - California Health and Safety Code sections 130200. This law established the Office of Health Information Integrity in the California Health and Human Services Agency, with the mission of ensuring enforcement of state law on the confidentiality of medical information.
Patient Access to Health Records - California Health & Safety Code section 123110 and following. With minor limitations, this law gives patients the right to see and copy information maintained by health care providers relating to the patients' health conditions. The law also gives patients the right to submit amendments to their records, if the patients believe that the records are inaccurate or incomplete.
California Law - Identity Theft
Jurisdiction for Identity Theft Cases - California Penal Code section 786. Jurisdiction for a criminal action concerning identity theft may be in either the county where the theft occurred, the county where the information was illegally used, or the county in which the victim resided at the time. If multiple identity theft offenses occur in multiple jurisdictions involving the same defendant(s) and the same or substantially similar scheme, then jurisdiction for all offenses is proper in any one of the counties where an offense occurred.
Criminal Profiteering and Identity Theft - California Penal Code section 186.2. This law adds the theft of personal identifying information to the offenses specified as criminal profiteering activity and patterns of criminal profiteering activity.
Debt Collection: Business Identity Theft Victim Rights - California Civil Code sections 1788.2 and 1788.18. This law provides a firm, association, organization, partnership, business trust, company, corporation, or limited liability company with the same rights as an individual to contest any debt that has resulted from identity theft.
Debt Collection: Identity Theft Victim Rights - California Civil Code section 1788.18. This law is intended to help identity theft victims deal with debt collectors who are trying to collect debts incurred by the thief. It requires a debt collector to stop collection when an alleged debtor furnishes a police report of identity theft and other information on his status as an identity theft victim. If a collector ultimately determines that the information fails to establish that the consumer is not responsible for the debt, the collector has to notify the consumer of that determination and its basis before proceeding with collection. The bill also helps identity theft victims clear up their records by requiring debt collectors who cease collection activities to notify the creditors and consumer credit reporting agencies to which the collector previously provided adverse information.
Document Making Devices and Identity Theft - California Penal Code section 483.5. This law prohibits the possession of document-making devices with intent to use them to manufacture, alter, or authenticate a deceptive identification document. Conviction is punishable by up to one year in county jail and/or a fine of up to $1,000.
Financial Crime Surveillance Photos and Video - California Government Code section 7480. This law provides that a law enforcement agency may request, and a bank, credit union, or savings association must then provide, surveillance photographs and video recordings of a person accessing a crime victim's financial account via an ATM or from within the financial institution, as specified.
Foster Youth Identity Theft - California Welfare and Institutions Code section 10618.6. This law requires county welfare departments to check for credit files of foster youth as specified and to make arrangements for remediating any indications of identity theft in the files.
High Technology Theft Apprehension and Prosecution Program - California Penal Code sections 13848-13848.4. This law establishes the High Technology Theft Apprehension and Prosecution Program funds five regional Identity Theft Units and five High Technology Regional Crimes Task Forces. Each regional unit is comprised of local law enforcement and prosecutors from at least two counties and includes at least one state law enforcement agency investigator, as well as federal investigators and prosecutors. The law also establishes the High Technology Crime Advisory Committee, composed of members representing various governmental agencies and professional organizations, for the purpose of advising on the High Technology Theft Apprehension and Prosecution Program Trust Fund to regional task forces.
Identity Theft Crime Statistics - California Penal Code section 13012.6 This law requires the Department of Justice to include information on arrests for identity theft crimes in the annual report on criminal statistics provided to the Governor.
Identity Theft Jurisdiction - California Penal Code section 786. This law provides that the jurisdiction of a criminal action for identity theft, as defined in Penal Code section 530.55, includes the county where the theft of the information occurred, the county in which the victim resided, and the county where the information was used for an illegal purpose.
Identity Theft: Victim Access to Records on Fraudulent Transactions or Accounts - California Civil Code section 1748.95, Financial Code sections 4002 and 22470. Similar to California Penal Code section 530.8, these laws require certain types of financial institutions and other businesses to release (to a victim with a police report or to the victim's law enforcement representative) information and evidence related to identity theft. See the similar provisions in the federal Fair Credit Reporting Act, section 609(e).*
Identity Theft - California Penal Code sections 530.5-530.8. These code sections define the specific crime of identity theft, require the law enforcement agency in the victim's area to take a police report, allow a victim to get an expedited judicial ruling of factual innocence, require the Department of Justice to establish a database of identity theft victims accessible by law enforcement and victims, and require financial institutions to release information and evidence related to identity theft to a victim with a police report or to the victim's law enforcement representative. The sections establish penalties for the crime, including enhanced penalties for several groups 1) those with previous identity theft convictions, 2) those acquiring or possession personal information of 10 or more people, and 3) those who sell or otherwise convey personal information with knowledge that it will be used to commit identity theft.
Identity Theft Conspiracy/DMV - California Penal Code sections 182 and 529.7. Courts can impose fines of up to $25,000 on individuals convicted of felony conspiracy to commit ID theft. This law also makes it a misdemeanor for any unauthorized person to obtain (or assist another person in obtaining) a driver's license, identification card, vehicle registration certificate, or other official document issued by the Department of Motor Vehicles, with the knowledge that the person obtaining the document is not entitled to it.
Identity Theft: Records in "Criminal" Identity Theft - California Penal Code sections 853.5-853.6, California Vehicle code sections 40303, 40305, 40305.5, 40500 and 40504. This law helps victims clear their records when an identity thief is arrested using the victim's name. It establishes a procedure for a victim to contest a charge by submitting a thumbprint for comparison with the thumbprint taken at the time of arrest.
Identity Theft, Restitution - California Penal Code section 1202.4. This law authorizes courts to award restitution for expenses of monitoring an identity theft victim's credit report and for the costs to repair the victim's credit for a period of time reasonably necessary to make the victim whole, as specified.
Identity Theft Victim's Rights Against Claimants - California Civil Code section 1798.92-1798.97. This law protects identity theft victims who are being pursued for collection of debts which have been created by identity thieves. The law gives identity theft victims the right to bring an action against a claimant who is seeking payment on a debt NOT owed by the identity theft victim. The identity theft victim may seek an injunction against the claimant, plus actual damages, costs, a civil penalty, and other relief.
Search Warrant - California Penal Code section 1524. This law helps law enforcement in investigating identity theft cases by permitting a magistrate in the victim's county of residence to issue a search warrant for persons or property located in another county when the warrant is related to the identity theft.
Statute of Limitations - California Penal Code section 803. This bill gives victims, law enforcement, and prosecutors a reasonable opportunity to discover and investigate the crime of identity theft by specifying that the statute of limitations for the crime (and publicly filing a false or forged document) commences when the crime was discovered, instead of when it was committed.
California Law - Online Privacy
Anti-Phishing Act of 2005 - California Business and Professions Code sections 22948-22948.3. This law prohibits "phishing," the act of posing as a legitimate company or government agency in an email, Web page, or other Internet communication in order to trick a recipient into revealing his or her personal information.
Computer Spyware - California Business and Professions Code section 22947 and following. This law prohibits an unauthorized person from knowingly installing or providing software that performs certain functions, such as taking control of the computer or collecting personally identifiable information, on or to another user's computer located in California.
Cyberbullying - California Education Code section 32261. This law defines bullying as one or more acts of sexual harassment, hate violence, or intentional harassment, threats, or intimidation, directed against school district personnel or pupils, committed by a pupil or group of pupils. Bullying, including bullying committed by means of an electronic act, as defined, including a post on a social network Internet Web site, is a ground on which suspension or expulsion may be based.
Cyber Exploitation - California Penal Code sections 502, 502.01, 647, 647.8, 786 and Civil Code § 1708.85 These provisions address cyber-exploitation, sometimes called “revenge porn.” Penal Code § 647 adds to the definition of disorderly conduct the intentional distribution of an image of another person’s intimate body parts, or engagement in specified sexual acts when a) the persons in the image agreed or understood that the image was to remain private, b) the person distributing the image knows or should have known that distribution of the image will cause serious emotional distress, and c) the person depicted in the image suffers the resulting distress. Penal Code §§ 502, 502.01, 647.8, and 786 define penalties, jurisdiction, search warrants, and forfeiture as related to cyber exploitation. Civil Code § 1708.85 creates a private right of action against any person who intentionally, and without the consent of the subject, distributes such photographs or recorded images.
Cyber Sexual Bullying Education Code sections 234.2 and 48900 (amended) [See existing Education Code 32261] This law adds cyber sexual bullying to the definition of an act of bullying for which a pupil may be suspended or expelled. The law also requires the California Department of Education to include information specifically about cyber sexual bullying on a dedicated website.
Digital Privacy Rights for Minors - California Business and Professions Code sections 22580-22582. This law prohibits an operator of a website or online service directed to minors (California residents under 18) from marketing to minors products or services that the minors are legally prohibited from buying. The law also prohibits a website or online service from allowing a third party to market prohibited products to minors, or to share with a third-party the personal information of a minor so the third party can market or advertise prohibited products or services to minors. The law also applies these prohibitions to an advertising service that knows an operator’s site or service is directed to a minor. The law allows a minor, who is a registered user of the operator’s site or service, to request and obtain removal of his or her content, with exceptions.
Medical Apps - California Civil Code 56.06 This law applies the prohibitions of the Confidentiality of Medical Information Act (CMIA) to any business that offers software or hardware that is designed to allow individuals to maintain their own medical information.
Personal Information Collected on Internet - California Government Code section 11015.5. This law applies to state government agencies. When collecting personal information electronically, agencies must provide certain notices. Before sharing an individual's information with third parties, agencies must obtain the individual's written consent.
Public Officials, Online Privacy - California Government Code 6254.21. This law prohibits posting or displaying on the Internet the home address or telephone number of any elected or appointed official, as defined, if the official has made a written demand not to disclose his or her information. Entities receiving such a demand must remove the information immediately and ensure that it is not reposted.
Pupil Records Privacy: Digital Storage and Education Software - California Education Code section 49073.1. This law allows local educational agencies to contract with third parties, including cloud-based services, to store digital pupil records. The law requires these contracts to include specified provisions regarding the collection, use, and disclosure of information in pupil records. It also provides, among other things, that a contract that fails to comply with the law’s requirements be rendered void if certain conditions are satisfied.
Pupil Records: Social Media - California Education Code section 49073.6. This law prohibits schools school districts, county offices of education, and charter schools from collecting or maintaining information about pupils from social media for any purpose other than school or pupil safety. Among other things, it requires such entities to notify pupils and parents or guardians if they consider such a program and to provide an opportunity for public comment.
Reproductive Health Care, Online Privacy - California Government Code sections 6209.5, 6215.10, and 6215.12 and 6218 and following. This law protects the personal safety of reproductive health care providers, employees, volunteers, and patients by prohibiting the posting of any such person's home address, phone number, or image on the Internet, under specified circumstances.
Safe at Home Participants, Online Privacy - California Government Code sections 6206.5, 6206.7, 6208, 6209.5, 6215.3, 6215.4, 6215.7, 6215.10, 6208.1, 6208.2, 6215.12 and 6218.01. This law provides participants in the Secretary of State's confidential address program, Safe at Home (for victims of domestic violence or stalking and reproductive health care providers, employees, and volunteers) with the right to demand the removal if their personal information, including home address and phone number, from online search engines or databases, and imposes related obligations on the operators of such search engines and databases.
Student Online Personal Information Protection Act (SOPIPA) - California Business & Professions Code sections 22584 et seq. This law restricts the use and disclosure of information about K-12 students. It prohibits operators of websites or online services used primarily and designed and marketed for K-12 school purposes from using information gathered from their sites or services to target advertising to or amass profiles on K-12 students, except in furtherance of a K-12 school purpose, as defined. It also prohibits such operators from selling students’ information or, except in certain special circumstances, disclosing covered information. It requires operators to use reasonable and appropriate security practices to protect the covered information from unauthorized access or use, and to delete a student’s covered information at the controlling school or district’s request.
California Law - Unsolicited Commercial Communications
Robocalls - Public Utilities Code sections 2871-2876 - This law requires calls made by automatic dialing announcing devices, or robocalls, to be introduced by a live person. There are certain exceptions, including emergency calls form police, fire or emergency service agencies. A fact sheet on what to do about such calls (“When are robocalls legal?”) is available from the California Public Utilities Commission at www.cpuc.ca.gov.
Spam Laws - California Business and Professions Code Sections 17529 and following 17538.45. These laws regulate "spam," unsolicited commercial e-mail. Section 17529.5 concerns unsolicited commercial e-mails with misleading or falsified headers or information, and includes penalties. It applies to e-mail sent to or from a California e-mail address. It authorizes the recipient, an e-mail service provider, or the Attorney General to bring an action for actual damages and liquidated damages of $1,000 per e-mail ad sent in violation, up to $1 million per incident. It also authorizes attorney's fees and costs to a prevailing plaintiff. Section 17538.45 gives an e-mail service provider the right to sue those who send spam from its network or to its subscribers. Service providers can get civil damages up to $25,000 per day plus attorney fees. See also the federal CAN-SPAM Act.
Telemarketing: State do-not-call list - California Business and Professions Code sections 17590-17594. Californians can put their residential and cellular telephone numbers on a national do-not-call list. For program details, visit the Federal Trade Commissions web site at Do Not Call.
Unsolicited Cell Phone/Pager Text Ads - California Business and Professions Code section 17538.41. This law prohibits the sending of unsolicited text advertisements to cell phones or pagers.
Cellular Telephone Number Directory - California Public Utilities Code section 2891.1. This law requires a subscriber's express permission before a cell phone service provider can list the subscriber's number in a directory.
Federal Law - General Privacy Laws
Driver's Privacy Protection Act of 1994 - 18 U.S. Code 2721 and following. This federal law puts limits on disclosures of personal information in records maintained by State departments of motor vehicles.
Electronic Communications Privacy Act of 1986 - 18 U.S. Code sections 2510-2522, 2701-2711, 3121,1367. This law amends the federal wiretap law to cover specific types of electronic communications, such as e-mail, radio-paging devices, cell phones, private communications carriers, and computer transmissions. It also extends the ban on interception to the communications of wire or electronic communication services and sets restrictions on access to stored wire and electronic communications and transaction records.
Family Educational Rights and Privacy Act of 1974 (FERPA) - 20 U.S. Code section 1232g. This law restricts the disclosure of educational records maintained by educational agencies and institutions that receive federal funding.
Fair Credit Reporting Act (FCRA) - 15 U.S. Code sections 1681-1681u. This law is designed to promote accuracy, fairness, and privacy of information in the files of the credit bureaus that gather and sell information about consumers to creditors, employers, landlords and other businesses.
Fair Debt Collection Practices Act - 15 U.S. Code sections 1692-1692p. The purpose of this is “to eliminate abusive debt collection practices by debt collectors, to insure that those debt collectors who refrain from using abusive debt collection practices are not competitively disadvantaged, and to promote consistent State action to protect consumers against debt collection abuses.” For more information, see the FTC Fair Debt Collection guide.
Federal Privacy Act of 1974 - 5 U.S. Code section 552a. This law applies to the access to, and disclosure of, records of individuals held by federal executive and regulatory agencies. It requires such agencies, with some exemptions, to limit disclosure, provide access to the individual, and to apply basic Fair Information Practice Principles to such records containing the personal information of individual U.S. citizens and legal alien residents.
Financial Services Modernization Act of 1999, Gramm-Leach-Bliley (GLB), Privacy Rule - 15 U.S. Code sections 6801-6809. The federal GLB law permits the consolidation of financial services companies and requires financial institutions to issue privacy notices to their customers that explain their information sharing practices and give customers the opportunity to opt-out of some sharing of personally identifiable financial information with outside companies. For more information, see
Video Privacy Protection Act of 1988 - 18 U.S.Code section 2710. This law was originally intended to limit the conditions under which a video rental or sales outlet may disclose personally identifiable information about consumers, including viewing history. Even though video tapes have been practically replaced by other technology, such as DVDs and streaming video, this law still applies to such “similar audio visual materials.”Consumers have the right to opt-out from disclosure of their name and address (e.g., in a mailing list), and can sue for actual and punitive damages, and attorneys’ fees and costs, if they are harmed by a violation of this law. This law was recently amended to enable sharing of viewing history, still with consumers’ written consent, on Internet sites such as Facebook and Netflix.
Federal Law - Health Information Privacy
Health Insurance Portability and Accountability Act of 1996 (HIPAA). - 45 CFR Parts 160 and 164, Standards for Privacy of Individually Identifiable Health Information and Security Standards for the Protection of Electronic Protected Health Information. HIPAA includes provisions designed to save money for health care businesses by encouraging electronic transactions and also regulations to protect the security and confidentiality of patient information. The privacy rule took effect on April 14, 2001, with most covered entities (health plans, health care clearinghouse and health care providers who conduct certain financial and administrative transactions electronically) having until April 2003 to comply. The security rule took effect on April 21, 2003.
Federal Law - Identity Theft
Federal Identity Theft and Assumption Deterrence Act of 1998 - 18 U.S. Code section 1028. This law makes it a federal crime to produce or possess false or unauthorized identification documents, or to use another's identity to commit an activity that violates Federal law or that is a felony under state or local law.
Federal Law - Online Privacy
Children's Online Privacy Protection Act (COPPA) - 15 U.S. Code section 6501 and following. The goal of COPPA is to place parents in control over what information is collected from their young children online. With limited exceptions, COPPA and the related FTC Rule require operators of commercial web sites and online services to provide notice and get verifiable parental consent before collecting personal information from children under the age of 13. For more information, see the FTC's COPPA Web site:
Computer Fraud and Abuse Act of 1984 - 18 U.S. Code section 1030. This law makes unauthorized access to "protected computers" illegal. Protected computers include U.S. government computers, computers used in interstate or foreign commerce or communication, and computers used by financial institutions. It also prohibits trafficking in computer passwords and damaging a protected computer.
Computer Matching & Privacy Protection Act of 1988 & Amendments of 1990 - 5 U.S. Code section 552a (a)(8)-(13), (e)(12), (o), (p), (q), (r), & (u). This law amends the federal Privacy Act of 1974 and sets requirements that federal agencies must follow when performing certain automated comparisons of federal benefit program information of individuals with information held by other federal, state or local agencies.
Federal Law - Unsolicited Commercial Communications
CAN-SPAM Act of 2003 - 15 U.S. Code sections 7701-7713. The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) requires unsolicited commercial e-mail messages to be labeled (though not by a standard method) and to include opt-out instructions and the sender's physical address. Among other provisions, it prohibits the use of deceptive subject lines and false headers in such messages. The FTC is authorized (but not required) to establish a "do-not-email" registry, and certain provisions of CAN-SPAM can be enforced by State attorneys general.
Telephone Consumer Protection Act (TCPA) - 47 U.S. Code section 227. This law puts restrictions on telemarketing calls and on the use of autodialers, prerecorded messages, and fax machines to send unsolicited advertisements.