California's new law may help raise the digital privacy bar

The way in which email and other digital records are handled has garnered broad attention lately as the result of the Hillary Clinton email scandal, as well as other events. Yet many companies remain unsure what existing privacy laws cover when it comes to electronic data.

The federal government is currently working to update the U.S. Electronic Communications Privacy Act of 1986 in an effort to better protect digital content across the country, but many say that proposal doesn’t go far enough.

Currently, under federal law, email providers can divulge the contents of communications stored in cloud email accounts or other remote storage facilities for longer than six months to law enforcement officials without a warrant. The government can also collect location and call information from phones. But the federal law was written before the advent of cloud computing and many other forms of digital communication, so many say it’s outdated. The federal government’s current plan is to revise the law, requiring law enforcement to obtain warrants to search email stored on remote servers.

California goes big

In the meantime, California just passed a new law that provides businesses unprecedented digital privacy protections. The Electronic Communications Privacy Act, which goes into effect on Jan. 1, 2016, is designed to ensure that digital data has the same protections applied to non-digital communications. It prevents law enforcement agencies from compelling a business to turn over any metadata or digital communications without a warrant.

Any entity seeking digital data from a company will soon need a warrant to access emails, texts and documents stored in the cloud or to search and track the location of electronic devices such as mobile phones. In passing the law, California became the first state in the nation to enact a comprehensive law protecting location data, content, metadata and device searches.

California has set the bar pretty high. The new law made it one of just six U.S. states that require a warrant to access electronic content and one of 10 states that have warrant protection for location tracking. According to the American Civil Liberties Union, the California legislation is the “most comprehensive of its kind in the U.S.”

“This is a landmark win for digital privacy and all Californians,” said Nicole Ozer, technology and civil liberties policy director at the ACLU of California in a Wired article. “We hope this is a model for the rest of the nation in protecting our digital privacy rights.”

Digital data overload

The law was partially driven by a huge increase in requests for electronic information from law enforcement. For example, Twitter received 52% more requests for electronic information this year compared to last year.

Interestingly, California’s new law now puts it in conflict with the current federal law. CIOs should watch what happens to the federal bill to see if it ends up being as comprehensive as the California law. Until then, if your company is in California, know that starting January 1, 2016, anyone seeking to search your company’s digital information will need a warrant signed by a judge.