SB 293-ELECTRONIC COMMUNICATION DEVICES 1:37:31 PM CHAIR ELLIS announced SB 293 to be up for consideration. TREVOR FULTON, staff to Senator McGuire, sponsor of SB 293, recapped that this is a consumer protection bill protecting personal privacy and preventing theft of personal identity. The state currently doesn't have any regulation on the books and this brings state statutes up to date with this growing technology. CHAIR ELLIS asked him to explain the concerns that were expressed since the last hearing. 1:38:51 PM SENATOR BUNDE joined the committee. MR. FULTON responded that the proposed CS addressed some of those concerns. In response to Senator Bunde's question whether SB 293 was a proactive bill or addressed current problem, he reported that Ed Sniffen, Assistant Attorney General, said identity theft as a result of radio frequency identification (RFID) would be difficult to prove, but he thought it had probably already happened. Senator Bunde's second concern was how SB 293 would affect the use of federal documents like passports. Mr. Fulton said Legal Services decided it wouldn't affect federal regulations regarding those types of documents, but the CS excludes passports and other government-issue travel documents. A third question came up through public testimony about whether similar laws exist in other states. The short answer is no, but RFID has only been on the public radar for the last three years. It surfaced in 2005 and since then 50 pieces of legislation have been introduced in 27 states about it. SENATOR BUNDE said that addressed his concerns. SENATOR ELLIS asked Mr. Fulton to go through the CS. 1:41:55 PM MR. FULTON said that after discussions with the Attorney General's office, the bill drafter, the Electronic Privacy Information Center and Dr. Oliver Hedgecut, Professor of Logistics at UAA, the sponsor decided to incorporate the following changes into the draft CS. The first change is in the title that adds violations of this act to a long list of unfair trade practices already in statute. The second change is on page 1, line 7, and deletes "active" that was used in the RFID industry as a very specific term to differentiate between an active RFID device and a passive one. It wasn't used in that sense and they didn't want to cause confusion so it was deleted. The third change is on page 1, line 10, and a couple of other places and replaces "universally accepted symbol" with "industry recognized symbol". The reasoning is there is no "universally acceptable symbol" out there and several different industries use the symbols differently. They also wanted to accommodate those who are already willingly labeling their products with some sort of RFID symbol. On page 2, lines 16-31, a paragraph was deleted that required consumers to pay costs associated with the deactivation of RFID. It was thought putting that burden on the consumer's shoulders was unreasonable. A new paragraph says "a provider must delete any personal information on a reactivated RFID." They didn't want to discourage reuse of the devices, but personal information had to be purged first. The fifth change was on page 3, line 1, that replaced "coerce" and "coercion" with "require" and "requirement". "Coercion" is a stronger term and more open to interpretation, which could make proving a violation of this section more difficult. On page 3, lines 15-16, "remote" was deleted because it is superfluous; all RFID devices scan and read remotely. On page 4, lines 12-14, the "Enforcement" section was deleted because when this was added to the Unfair Trade Practices Act, there was no longer any need to specifically identify enforcement procedures. A new section was added in its place entitled "Exemption" which is where passports and other international travel documents were exempted. On page 4, lines 16-18, the definition of "active" was deleted and definitions for "activate" and "activated" were inserted. 1:47:48 PM This next section had the most substantive change, Mr. Fulton said. On page 4, lines 28-29, "that transmits, receives or stores personal information" was added after "item". This language narrows the focus of the bill only to RFID devices that transmit, receive or store personal information. "Personal information" is defined to include the types of items that consumers tend to be most sensitive about (listed on page 5). They didn't want to unnecessarily burden all the other industries, particularly supply chain management and retail industries that use RFIDs quite a bit. The final change in the CS is on page 6, lines 2-3, where a new section was inserted entitled "Section 2" that adds this act to the list of Unfair Trade Practices. 1:49:07 PM CHAIR ELLIS asked if all concerns had been addressed. MR. FULTON replied yes. DR. OLIVER HEDGECUT, Professor of Logistics, University of Alaska Anchorage, supported SB 160. He stated that Alaska does lead in this area and started its RFID research at UAA with the military. "For that very reason we are a good Petrie dish to experiment with, not only technology, but with laws and I'm very proud to be Alaskan and see that we are talking about this today." He approved of the suggested changes. ED SNIFFEN, Assistant Attorney General, said making data protection and privacy a violation of the Consumer Protection Act was a good move. SENATOR ELLIS said he supported narrowing the bill to personal privacy. 1:52:37 PM SENATOR STEVENS moved to adopt CSSB 293(L&C), version 25- LS1509\C. There were no objections and it was so ordered. 1:53:02 PM SENATOR STEVENS moved to report CSSB 293(L&C) from committee with individual recommendations and attached fiscal notes. There were no objections and it was so ordered.