Senate Bill 272 and Public Records Requests
|Senate Bill 272 (Hertzberg) of 2015 takes effect on July 1, 2016. As signed into law, SB 272 requires special districts and other local agencies to create a catalog of their enterprise systems, make it publicly available at their office, and post it on their websites in a prominent location if they have one.|
An enterprise system is defined in this law as a software application or computer system that collects, stores, exchanges, and analyzes information that the agency uses. The software application must also fall under both of the following categories:
A system of record (which means a system that serves as an original source of data within an agency).
- A multi-departmental system or a system that contains information collected about the public.
Once a system has been identified as an enterprise system, the agency is required to list the system in their SB 272 compliance catalog along with the following information about each system:
- Current system vendor.
- Current system product.
- A brief statement of the system's purpose.
- A general description of categories or types of data.
- The department that serves as the system's primary custodian.
- How frequently the system is updated.
There are a few exemptions in which an agency is not required to list certain enterprise systems in the catalog. Those exemptions are:
- Information technology security systems, including firewalls and other cybersecurity systems.
- Physical access control systems, employee identification management systems, video monitoring, and other physical control systems.
- Infrastructure and mechanical control systems, including those that control or manage street lights, electrical, natural gas, or water or sewer functions.
- Systems related to 911 dispatch and operation or emergency services.
- Information security records of a public agency that would reveal vulnerabilities to, or otherwise increase the potential for an attack on, an information technology system of a public agency.