SB 272 Catalog of Enterprise Systems
Senate Bill 272 was approved by Former Governor Jerry Brown in October 2015, adding Section 6270.5 to the California Public Records Act (Government Code Sections 6250-6276.48).
As of July 1, 2016, SB 272 requires local agencies (excluding school districts) to create a catalog of all enterprise systems that contain information collected about the public, make it available to the public upon request, and post it on their website should they have one.
What is covered by SB 272?
Section 6270.5 defines an enterprise system as a software application or computer system that collects, stores, exchanges, and analyzes information that the agency uses that is both of the following:
a multi-departmental system or a system that contains information collected about the public; and
is a system of record that serves as an original source of data within an agency.
This Section cannot be interpreted to limit a person’s right to inspect public records. Additionally, nothing in this Section can be construed to permit public access to records held by an agency to which access is otherwise restricted by statute or to alter the process for requesting public records.
What is required in the catalog?
For each enterprise system included in the catalog, agencies must disclose:
Current system vendor.
Current system product.
A brief statement of the system’s purpose.
A general description of categories or types of data.
The department that serves as the system’s primary custodian.
How frequently system data is collected.
How frequently system data is updated.
What is excluded?
Enterprise systems do not include:
information technology security systems, including firewalls and other cybersecurity systems;
physical access control systems, employee identification management systems, video monitoring, and other physical control systems;
infrastructure and mechanical control systems, including those that control water or sewer functions;
systems that would be restricted from disclosure pursuant to Section 6254.19; and
the specific records that the information technology system collects, stores, exchanges, or analyzes.