California Senate Bill 272 (SB 272)
The State of California enacted Senate Bill 272 (SB 272) on October 11, 2015,
which adds section 6270.5 to the California Public Records Act (the "Act,"
Government Code Sections 6250-6276.48. Section 6270.5 requires local agencies
to make publicly available a catalog of application software (“Enterprise System”)
that is used enterprise-wide.
Which Enterprise Systems are Covered by SB 272
Section 6270.5 defines an enterprise system as a software application or computer
system that collects, stores, exchanges, and analyzes information that the agency
uses that is (1) a multi-departmental system or system that contains information
collected about the public and (2) a system of record. A system of record means a
system that serves as an original source of data within an agency. Stated plainly,
SB 272 requires local agencies to create a catalog of multi-departmental systems or
systems containing information about the public that store original records and post
the catalog on their agency website.
Which Enterprise Systems are Excluded by SB 272
Enterprise systems do not include cybersecurity systems, infrastructure and mechanical
control systems, or information that would reveal vulnerabilities to, or otherwise
increase the potential for an attack on, a public agency's IT system. Additionally,
section 6270.5 does not automatically require disclosure of the specific records that
the IT systems collect, store, exchange or analyze, however, the Act's other provisions
pertaining to disclosure of such records still apply.