California

Understanding ID Scanning

What is ID Scanning?

ID scanning is a technology that allows businesses to read and electronically save the information stored on a customer’s identification card. This process involves using a device, often a handheld scanner or a mobile app, to capture the data contained in the barcode or magnetic stripe of an ID card.

How Does ID Scanning Work?

ID scanning devices work by reading the machine-readable zone (MRZ) on an ID card, which includes the barcode or magnetic stripe. The MRZ contains information such as the cardholder’s full name, date of birth, ID expiration date, and other relevant data. Once the MRZ is scanned, the device decodes this information and displays it, allowing the business to verify the cardholder’s details.

California ID Scanning Laws: An Overview

Brief History of ID Scanning Laws in California

California has always been at the forefront of privacy protection laws in the United States. The state’s approach to ID scanning laws is no exception. Over the years, California has enacted several laws to regulate the collection, use, and disclosure of information obtained from scanning identification cards.

Current Status of ID Scanning Laws in California

The primary law governing ID scanning in California is the California Civil Code Section 1798.90.1. This law places restrictions on businesses regarding what information they can collect from scanning a driver’s license or identification card, how they can use this information, and to whom they can disclose it.

Legal Provisions for ID Scanning in California

California Civil Code Section 1798.90.1

According to the California Civil Code Section 1798.90.1, a business can swipe an individual’s driver’s license or identification card only to verify age or authenticity of the ID, or to comply with a legal requirement. The business cannot retain or use the information for other purposes unless it obtains the individual’s consent.

California Business and Professions Code Section 25660

In the context of hotels, the California Business and Professions Code Section 25660 is also relevant. This law allows businesses to scan IDs to verify a customer’s age when providing age-restricted goods or services, such as alcohol.

Permissible Uses of Scanned ID Information in California

Under California law, a retailer, including a hotel, is allowed to retain and use information obtained from IDs only for the following purposes:

Verifying a Customer’s Age

This is particularly relevant for hotels that serve alcohol. By scanning an ID, the hotel can verify that a guest is of legal drinking age.

Establishing a Customer’s Identity

Hotels often need to confirm the identity of their guests for security reasons. ID scanning provides a quick and reliable method for doing so.

Confirming a Customer’s License Status to Operate a Vehicle

While this may not be directly applicable to most hotels, it could be relevant for establishments that offer valet parking services.

Disclosure of Scanned ID Information

California law also regulates the disclosure of information obtained from ID scanning. A retailer can disclose such information to:

To Other Businesses for Specific Purposes

These purposes include verifying a check payment, evaluating creditworthiness, detecting or reducing the risk of fraud, abuse, identity theft or other crimes, collection activities, or confirming that a customer has met the motor vehicle financial responsibility requirements.

To Department of Transportation, Insurance Licensees, Notaries, Financial Institutions, and Law Enforcement Agencies

Disclosure to these entities is permitted under specific circumstances, such as when required by law or when necessary to prevent fraud.

ID Scanning in Hotels: A Closer Look

Why Hotels Need to Scan IDs?

Hotels have a legitimate need to scan IDs. This practice helps them verify the identity of their guests, maintain accurate records, ensure the safety of their premises, and comply with legal requirements, such as age verification for alcohol service.

How Hotels Use Scanned ID Information?

Hotels primarily use scanned ID information to verify a guest’s identity and age. However, with the guest’s consent, they may also use this information for other purposes, such as personalizing the guest’s stay or providing tailored services.

Best Practices for ID Scanning in Hotels

Ensuring Compliance with Laws

Hotels must ensure that their ID scanning practices comply with all relevant laws. This includes not only the California Civil Code Section 1798.90.1 and the California Business and Professions Code Section 25660 but also other applicable federal and state laws.

Protecting Customer Privacy

Hotels must also take steps to protect the privacy of their guests. This includes securing the stored data, limiting access to this data, and not retaining the data longer than necessary.

Penalties for Non-Compliance with ID Scanning Laws

Legal Consequences

Non-compliance with ID scanning laws can result in legal consequences, including lawsuits, fines, and penalties.

Financial Penalties

In addition to legal consequences, non-compliance can also result in financial penalties. For instance, under the California Civil Code Section 1798.90.1, a person who suffers damage as a result of a violation of this law can bring a civil action to recover damages.

California Consumer Privacy Act of 2018

The California Consumer Privacy Act (CCPA) of 2018 is another crucial piece of legislation that impacts how hotels handle the personal information of their guests, including the information obtained from ID scanning.

The CCPA provides California residents with specific rights regarding their personal information. These rights include:

1. The Right to Know: Consumers have the right to request that a business disclose the categories and specific pieces of personal information it collects, uses, discloses, and sells.

2. The Right to Delete: Consumers have the right to request the deletion of their personal information collected by a business.

3. The Right to Opt-Out: Consumers have the right to direct a business not to sell their personal information.

4. The Right to Non-Discrimination: A business cannot discriminate against a consumer for exercising their CCPA rights.

For hotels, this means that they must be transparent about their data collection practices, including ID scanning, and must provide guests with the ability to access, delete, or opt-out of the sale of their personal information. Non-compliance with the CCPA can result in hefty fines and penalties.

It’s important to note that the CCPA applies to any business that collects consumers’ personal data, does business in California, and satisfies at least one of the following: has annual gross revenues in excess of $25 million; buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices; or derives 50% or more of its annual revenues from selling consumers’ personal information.

In the context of ID scanning, hotels must ensure that their practices align with the requirements of the CCPA. This includes providing clear and accessible privacy notices, promptly responding to consumer requests, and implementing robust security measures to protect collected data.

Conclusion

Understanding California ID Scanning laws and regulations, including the CCPA, is crucial for hotels operating in the state. By complying with these laws, hotels can ensure a smooth operation, avoid legal troubles, and most importantly, protect the privacy and trust of their guests. As these laws may change over time, it’s essential for hotels to stay updated and regularly review their ID scanning practices.

Please note that this information is intended to provide a general overview and does not constitute legal advice. Always consult with a legal professional for advice specific to your situation