SB 293: "An Act relating to electronic communication devices and to personal information."
00 SENATE BILL NO. 293 01 "An Act relating to electronic communication devices and to personal information." 02 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF ALASKA: 03 * Section 1. AS 45 is amended by adding a new chapter to read: 04 Chapter 48. Electronic Communication Devices. 05 Sec. 45.48.010. Label and information required. (a) A provider of an active 06 electronic communication device shall label the electronic communication device, an 07 item it is part of, or the packaging of the device or item clearly and conspicuously with 08 a universally accepted symbol for radio frequency identification technology, and 09 (1) distribute information to the consumer that explains the meaning of 10 the universally accepted symbol; or 11 (2) post a sign on the premises where the electronic communication 12 device is sold or issued that 13 (A) indicates that the provider is selling or issuing an electronic 14 communication device; 15 (B) explains the universally accepted symbol;
01 (C) explains how an electronic communication device may 02 send, gather, or transmit information about the consumer that can be read by an 03 unauthorized third party; and 04 (D) states whether it is technically feasible to deactivate the 05 electronic communication device, and, if technically feasible to deactivate the 06 electronic communication device, provide instructions on 07 (i) the specific location of the electronic communication 08 device in the item, if it is part of another item; and 09 (ii) how the consumer may deactivate the electronic 10 communication device. 11 (b) In this section, "universally accepted symbol" means a graphical system 12 designed to provide a standard way to show the presence, frequency, and data 13 structure of a radio frequency identification transponder; in this paragraph, 14 "transponder" means a wireless communications, monitoring, or control device that 15 picks up and automatically responds to an incoming signal. 16 Sec. 45.48.020. Consent required. Before the sale or issuance of an electronic 17 communication device, a provider of an electronic communication device that 18 transmits personal information about a consumer shall, in addition to complying with 19 the requirements of AS 45.48.010, notify the consumer that the electronic 20 communication device transmits personal information about the consumer and obtain 21 the consent of the consumer under AS 45.48.070 for the collection, maintenance, and 22 disclosure of information gathered by the electronic communication device about the 23 consumer. 24 Sec. 45.48.030. Deactivation. (a) If a consumer consents under AS 45.48.020 25 to the collection, maintenance, and disclosure of information gathered by an electronic 26 communication device on the consumer but later requests that the provider deactivate 27 the electronic communication device the consumer may be required to pay the costs 28 associated with deactivation. 29 (b) When an electronic communication device has been deactivated under (a) 30 of this section, the provider of the electronic communication device may not make the 31 electronic communication device active without obtaining the consent under
01 AS 45.48.020 of the consumer who purchased the electronic communication device. 02 Sec. 45.48.040. Coercion prohibited. A provider may not coerce a consumer 03 to keep an electronic communication device active in order for the consumer to 04 exchange, return, repair, or service an item that the electronic communication device is 05 a part of. 06 Sec. 45.48.050. Required security measures. (a) At the point of sale or 07 issuance, a provider shall use industry-accepted best standards to ensure that personal 08 information collected by using the electronic communication device is secure from 09 unauthorized access, loss, and tampering. 10 (b) A provider who retains personal information gathered through an 11 electronic communication device shall implement adequate security measures to 12 ensure that personal information collected by using the electronic communication 13 device is secure from unauthorized access, loss, and tampering. The security measures 14 must be consistent with the amount and sensitivity of the personal information being 15 stored on the system. 16 Sec. 45.48.060. Remote scanning and reading. (a) A person may not 17 remotely scan, read, attempt to remotely scan, or attempt to remotely read an 18 electronic communication device to obtain personal information on a consumer 19 without obtaining the consumer's consent under AS 45.48.070. 20 (b) This section does not prohibit scanning or reading an electronic 21 communication device or using information gathered through an electronic 22 communication device to 23 (1) comply with federal or state law; 24 (2) comply with a properly authorized civil, criminal, administrative, 25 or regulatory investigation, subpoena, or summons by an agency of the federal 26 government, state government, or a municipality; or 27 (3) respond to a judicial process or, for examination, compliance, or 28 other purposes authorized by law, to a government regulatory authority having 29 jurisdiction over the person. 30 Sec. 45.48.070. Forms of consent. (a) The consent required by AS 45.48.020 31 and 45.48.030 may be made by
01 (1) an electronic or written record; the record must, at a minimum, 02 clearly and conspicuously state the provider's privacy policy and the manner in which 03 information relating to the consumer will be collected and disseminated; or 04 (2) a deliberate act that indicates that the consumer volunteers to be 05 identified with the use of personal information gathered by, or contained within, an 06 electronic communication device; in this paragraph, "deliberate act" includes a 07 consumer voluntarily submitting the consumer's electronic communication device for 08 scanning or reading for the purpose of completing a wholesale or retail transaction. 09 (b) Consent under (a)(2) of this section that is obtained in one specific 10 situation may not apply to another specific situation unless the provider obtains in a 11 written contract the consumer's permission to apply the consent to more than one 12 specific situation. 13 Sec. 45.48.080. Enforcement. (a) The attorney general may bring an action 14 against a person who violates this chapter to enjoin further violations and to recover 15 the greater of 16 (1) the actual damages suffered by a consumer; or 17 (2) $10,000 for each separate violation. 18 (b) In (a) of this section, if multiple violations of this chapter result from a 19 single act or instance of conduct, the multiple violations are considered one violation. 20 (c) In an action under (a) of this section, a court may 21 (1) increase the damages up to three times the damages allowed by (a) 22 of this section if the person who violated this chapter has engaged in a pattern and 23 practice of violating this chapter; and 24 (2) award costs and attorney fees as provided by the rules of court. 25 Sec. 45.48.095. Definitions. In this chapter, 26 (1) "active" means not disabled, not deactivated, or not removed from 27 another item; 28 (2) "clearly and conspicuously" means reasonably understandable and 29 designed to call attention to the nature and significance of the information being 30 conveyed; 31 (3) "consumer" means an individual who buys or is issued an
01 electronic communication device for use in this state; 02 (4) "data" means signs, signals, writing, images, sounds, and other 03 information; 04 (5) "deactivate" means to disable, deactivate, or remove from an item; 05 (6) "electronic communication device" means an electronic device, 06 whether sold or issued by itself or as part of another item, that uses radio frequency 07 identification technology in 08 (A) the 902 - 928 MHz frequency range or the 2.4 GHz 09 frequency authorized by the Federal Communications Commission; or 10 (B) another frequency range authorized by the Federal 11 Communications Commission for radio frequency identification technology; 12 (7) "person" has the meaning given in AS 01.10.060, but expressly 13 includes an agency of this state, a municipality of this state, or an agency of a 14 municipality of this state; "person" does not include an agency in the judicial branch 15 of the government of this state; 16 (8) "personal information" means one of the following data elements 17 about a consumer whether used alone or with other information to identify the 18 consumer: 19 (A) first or last name; 20 (B) social security number; 21 (C) driver's license number or state identification card; 22 (D) bank account number or other financial institution account 23 number; 24 (E) credit card number or debit card number; 25 (F) automated or electronic signature; 26 (G) unique biometric data; 27 (H) an unlisted telephone number; 28 (I) medical information; 29 (J) address; 30 (K) date of birth; 31 (L) ethnicity or nationality;
01 (M) religion; 02 (N) political affiliation; 03 (O) sexual orientation; 04 (P) a private group affiliation not available in the public 05 domain; 06 (9) "provider" means a person who sells, offers to sell, or issues an 07 electronic communication device; in this paragraph, "sell" does not mean resale by a 08 consumer; 09 (10) "radio frequency identification" means a tagging and tracking 10 technology that uses electronic devices to transmit information to a remote reader.