Added by Stats. 2005, Ch. 437, Sec. 1. Effective January 1, 2006.
This chapter shall be known and may be cited as the Anti-Phishing Act of 2005.
Chapter 33 - Anti-Phishing Act of 2005
California Business and Professions Code — §§ 22948-22948.3
Sections (11)
Added by Stats. 2005, Ch. 437, Sec. 1. Effective January 1, 2006.
For the purposes of this chapter, the following terms have the following meanings:
(a)“Electronic mail message” means a message sent to a unique destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the “local part”) and a reference to an Internet domain (commonly referred to as the “domain part”), whether or not displayed, to which an electronic message can be sent or delivered.
(b)“Identifying information” means, with respect to an individual, any of the following:
(1)Social security number.
(2)Driver’s license number.
(3)Bank account number.
(4)Credit card or debit card number.
(5)Personal identification number (PIN).
(6)Automated or electronic signature.
(7)Unique biometric data.
(8)Account password.
(9)Any other piece of information that can be used to access an individual’s financial accounts or to obtain goods or services.
(c)“Internet” shall have the meaning as defined in paragraph (6) of subdivision (f) of Section 17538.
(d)“Web page” means a location that has a single uniform resource locator or other single location with respect to the Internet.
Added by Stats. 2005, Ch. 437, Sec. 1. Effective January 1, 2006.
It shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business.
Added by Stats. 2005, Ch. 437, Sec. 1. Effective January 1, 2006.
(a)The following persons may bring an action against a person who violates or is in violation of Section 22948.2:
(1)A person who (A) is engaged in the business of providing Internet access service to the public, owns a Web page, or owns a trademark, and (B) is adversely affected by a violation of Section 22948.2.
An action brought under this paragraph may seek to recover the greater of actual damages or five hundred thousand dollars ($500,000).
(2)An individual who is adversely affected by a violation of Section 22948.2 may bring an action, but only against a person who has directly violated Section 22948.2.
An action brought under this paragraph may seek to enjoin further violations of Section 22948.2 and to recover the greater of three times the amount of actual damages or five thousand dollars ($5,000) per violation.
(b)The Attorney General or a district attorney may bring an action against a person who violates or is in violation of Section 22948.2 to enjoin further violations of Section 22948.2 and to recover a civil penalty of up to two thousand five hundred dollars ($2,500) per violation.
(c)In an action pursuant to this section, a court may, in addition, do either or both of the following:
(1)Increase the recoverable damages to an amount up to three times the damages otherwise recoverable under subdivision (a) in cases in which the defendant has engaged in a pattern and practice of violating Section 22948.2.
(2)Award costs of suit and reasonable attorney’s fees to a prevailing plaintiff.
(d)The remedies provided in this section do not preclude the seeking of remedies, including criminal remedies, under any other applicable provision of law.
(e)For purposes of paragraph (1) of subdivision (a), multiple violations of Section 22948.2 resulting from any single action or conduct shall constitute one violation.
Added by Stats. 2015, Ch. 524, Sec. 1. (AB 1116) Effective January 1, 2016.
(a)A person or entity shall not provide the operation of a voice recognition feature within this state without
prominently informing, during the initial setup or installation of a connected television, either the user or the person designated by the user to perform the initial setup or installation of the connected television.
(b)Any actual recordings of spoken word collected through the operation of a voice recognition feature by the manufacturer of a connected television for the purpose of improving the voice recognition feature, including, but not limited to, the operation of an accessible user interface for people with disabilities, shall not be sold or used for any advertising purpose.
(c)Any actual recordings of spoken word collected
through the operation of a voice recognition feature by a third party contracting with a manufacturer for the purpose of improving the voice recognition feature, including, but not limited to, the operation of an accessible user interface for people with disabilities, shall not be sold or used for any advertising purpose.
(d)A person or entity shall not compel a manufacturer or other entity
providing the operation of a voice recognition feature to build specific features for the purpose of allowing an investigative or law enforcement officer to monitor communications through that feature.
(e)A manufacturer shall only be liable for functionality provided at the time of the original sale of a connected television and shall not be liable for functionality provided by applications
that the user chooses to use in the cloud or are downloaded and installed by a user.
(f)This chapter shall not apply to any product or service provided by a company covered under Section 637.5 of the Penal Code.
Added by Stats. 2015, Ch. 524, Sec. 1. (AB 1116) Effective January 1, 2016.
For purposes of this chapter, the following definitions shall apply:
(a)“Connected television” means a video device designed for home use to receive television signals and reproduce them on an integrated, physical screen display that exceeds 12 inches, except that this term shall not include a personal computer, portable device, or a separate device that connects physically or wirelessly to a television, including, but not limited to, a set-top box, video game console, or digital video recorder.
(b)“User” means a person who originally
purchases, leases, or takes ownership of a connected television. A person who is incidentally recorded when a voice recognition feature is activated by a user shall not be deemed to be a user.
(c)“Voice recognition feature” means the function of a connected television that allows the collection, recording, storage, analysis, transmission, interpretation, or other use of spoken words or other sounds, except that this term shall not include voice commands that are not recorded or transmitted beyond the connected television.
Added by Stats. 2015, Ch. 524, Sec. 1. (AB 1116) Effective January 1, 2016.
Any waiver of the provisions of this chapter is contrary to public policy and void and unenforceable.
Added by Stats. 2015, Ch. 524, Sec. 1. (AB 1116) Effective January 1, 2016.
(a)Actions for relief pursuant to this chapter may be prosecuted exclusively in a court of competent jurisdiction in a civil action brought in the name of the people of the State of California by the Attorney General or by any district attorney. This chapter shall not be deemed to create a private right of action, or limit any existing private right of action.
(b)A court may enjoin a person who knowingly engages, has engaged, or proposes to engage, in a violation of this chapter. The court may make any orders or judgments as may be necessary to prevent a violation of
this chapter.
(c)A person who knowingly engages, has engaged, or proposes to engage, in a violation of this chapter shall be liable for a civil penalty not to exceed two thousand five hundred dollars ($2,500) for each connected television sold or leased in violation of this chapter. If the action is brought by the Attorney General, the penalty shall be deposited into the General Fund. If the action is brought by a district attorney, the penalty shall be paid to the treasurer of the county in which the judgment was entered.
Added by Stats. 2015, Ch. 524, Sec. 1. (AB 1116) Effective January 1, 2016.
The remedies or penalties provided by this chapter are cumulative to each other and to the remedies or penalties available under all other laws of the state.
Added by Stats. 2015, Ch. 524, Sec. 1. (AB 1116) Effective January 1, 2016.
The provisions of this chapter are severable. If any provision of this chapter or its application are held to be invalid, that invalidity shall not affect other provisions or applications that can be given effect without the invalid provision or application.
Added by Stats. 2025, Ch. 676, Sec. 2. (SB 50) Effective January 1, 2026.
For purposes of this chapter, the following definitions apply:
(a)“Account manager” means a person or entity that provides an individual an internet-based or app-based user account, or a third party that manages those user accounts on behalf of that person or entity, that has authority to make decisions regarding user access to those user accounts.
(b)(1) “Connected device” means any device, or other physical object that is capable of connecting to the internet, directly or indirectly, and that is assigned an internet protocol address or Bluetooth address or enables a person to remotely obtain data
from or send commands to a connected device or account, which may be accomplished through a software application that is designed to be operated on a mobile device, computer, or other technology.
(2)“Connected device” does not include either of the following:
(A)Peripheral or component devices that are solely dependent on a primary connected device for internet connectivity and that cannot be independently accessed, remotely disabled, or
disconnected by a user or service provider.
(B)A connected device that is more than 10 years old or is no longer supported by the account manager.
(c)(1) “Covered act” means conduct that constitutes any of the following:
(A) A crime described in Chapter 8 (commencing with Section 236) of Title 8 of Part 1 of the Penal Code.
(B) A crime described in Chapter 1 (commencing with Section 261), Chapter 2 (commencing with Section 270), Chapter 2.5 (commencing with Section 273.8), Chapter 4 (commencing with Section 277), Chapter 5 (commencing with Section 281),
Chapter 5.5 (commencing with Section 290), Chapter 7.5 (commencing with Section 311), Chapter 7.6 (commencing with Section 313), or Chapter 8 (commencing with Section 314) of Title 9 of Part 1 of the Penal Code.
(C) An act under federal law, tribal law, or the Uniform Code of Military Justice that is similar to an offense described in subparagraph (A), (B), (D), or (E).
(D) Domestic violence, as defined in Section 6211 of the Family Code.
(E) A misdemeanor described in subdivision (e) of Section 243 of the Penal Code.
(2)Nothing in paragraph (1) shall be construed to require a criminal conviction or any other determination of a court in order for
conduct to constitute a covered act.
(d)“Device access” means the ability to remotely control a connected device, remotely change the characteristics of a connected device, or remotely view or manipulate data collected by or through a connected device, by accessing a user account or accounts associated with the connected device. Acts that require device access include, but are not limited to, remotely manipulating an audio system, security system, light fixture, or other home appliance or fixture.
(e)“Device protection request” means a request by a survivor to terminate or disable a perpetrator’s access to a connected device or account, including, but not limited to, the ability of a person to obtain data from or send commands to a connected device or account.
(f)“Perpetrator” means an individual who has committed or allegedly committed a covered act against a survivor or an individual under the care of a survivor.
(g)“Survivor” means an individual who has had a covered act committed, or allegedly committed, against the individual, or who cares for another individual against whom a covered act has been committed or allegedly committed, provided that the individual providing care did not commit or allegedly commit the covered act.
(h)“User account or account” means an account or other means by which a person enrolls in or obtains access to a connected device or online service.