BILL ANALYSIS                                                                                                                                                                                                    



                                                                     SB 272


                                                                    Page  1





          Date of Hearing:   June 30, 2015


                           ASSEMBLY COMMITTEE ON JUDICIARY


                                  Mark Stone, Chair


          SB  
          272 (Hertzberg) - As Amended June 25, 2015


          SENATE VOTE:  37-0


          SUBJECT:  The California Public Records Act: local agencies:  
          inventory


          KEY ISSUES:  


          1)Should A local agencY, other than a school district, be  
            required to create, post online, and Annually update a catalog  
            of the systems that it uses to collect and manage data?


          2)DO the benefits of this bill justify the potential costs to  
            local agencies and the risk, however small, that posting  
            vendor and product details could expose system  
            vulnerabilities?  


          3)Given that the purpose of Public records ACT is to promote  
            access to existing documents, as opposed to requiring the  
            creation of new documents, should this bill be codified  
            somewhere other than in the public records Act? 









                                                                     SB 272


                                                                    Page  2






                                      SYNOPSIS


          The bill, according to the author, is intended to be a "first  
          step" in a more ambitious effort to bring the data management  
          practices of local governments into the digital age and provide  
          government, business, and private citizens with open access to a  
          growing body of government-collected information.  Specifically,  
          this bill would require a local agency, other than a school  
          district, to create a "catalog" of all information technology  
          systems that it uses to manage data.  The bill does not require  
          the disclosure of particular records or data sets; rather, it  
          requires a local agency to essentially make an inventory and,  
          based on this inventory, create and post online a catalog of its  
          data management systems, hardware, and software applications.   
          The catalog would include specified pieces of information,  
          including the identity of the system vendor and system product.   
          The author hopes that this catalog will provide the state with  
          an inventory of the systems currently used by local agencies, so  
          as to better plan and facilitate the development of more open,  
          accessible, integrated, and modern data management systems.  The  
          bill is supported by a broad coalition of business and labor  
          groups who believe that easily accessible and open data will  
          spur economic growth and improve government services.  The bill  
          is opposed by the local agencies that would be required by the  
          bill to create these catalogs.  Opponents argue that the costs  
          of creating these catalogs will exceed the benefits; that the  
          bill is vague about what "systems" local agencies must include  
          in the catalog; that revealing vendors, products, and custodians  
          of data in the catalog could expose system vulnerabilities and  
          increase security threats; and that the measure imposes a  
          mandate on local government but avoids state reimbursement by  
          inserting the requirement in the Public Records Act.  As noted  
          in the analysis, many areas of concern about the bill remain,  
          but may be resolvable.  However, because the author and  
          stakeholders have been unable to reach agreement on these  
          concerns, the Committee encourages the author to continue  
          working with the opposition.  The bill will be heard in the  








                                                                     SB 272


                                                                    Page  3





          Assembly Local Government should it pass out of this Committee. 


          SUMMARY:  Requires a local agency to create a catalog of  
          information technology systems, as defined, and to make the  
          catalog publicly accessible, as specified.  Specifically, this  
          bill:  


          1)Makes legislative findings and declarations relating to the  
            changing manner in which government data is gathered and  
            maintained; the greater use and volume of electronic data; and  
            the need to make this data accessible in a manner consistent  
            with the California Public Records Act. 


          2)Requires a local agency to create a catalog of its information  
            technology systems, as defined, and to make that catalog  
            publicly available upon request in the office of the clerk of  
            the agency's legislative body.  Requires the local agency to  
            post the catalog in a prominent location on its Internet Web  
            site, if the agency has a Website.


          3)Requires the catalog to disclose a list of the information  
            technology systems used by the agency and, for each system,  
            disclose all of the following:


             a)   Current system vendor.

             b)   Current system product.

             c)   A brief statement of the system's purpose.

             d)   A general description of categories and types of system  
               data. 

             e)   The department that serves as the primary custodian of  








                                                                     SB 272


                                                                    Page  4





               system data.

             f)   How frequently system data is collected and updated. 


          4)Defines "information technology systems" to mean hardware and  
            software that collect, store, exchange, and analyze  
            information that the agency uses.  However, "information  
            technology system" shall not include any of the following:
             a)   Information technology security systems, including  
               firewalls and other cybersecurity systems.

             b)   Systems that would be restricted from disclosure under  
               Government Code Section 6254.19, which generally exempts  
               from disclosure any record that would expose the  
               vulnerabilities of an information technology system of a  
               public agency. 

             c)   The specific records that the information technology  
               system collects, stores, exchanges, or analyzes.


          5)Requires local agencies to complete the catalog required by  
            this bill, and post it online, no later July 1, 2016;  
            thereafter, the agency shall update the catalog annually. 
          EXISTING LAW:  


          1)Provides, under the Public Records Act, that all public agency  
            records are open to public inspection upon request, unless the  
            records are otherwise exempt from public disclosure.   
            (Government Code Section 6250 et seq.  All further statutory  
            references are to this code, unless otherwise indicated.) 


          2)Requires a public agency to make non-exempt electronic public  
            records available to the public in any electronic format in  
            which it holds the information or, if requested, in an  
            electronic format used by the agency to create copies for its  








                                                                     SB 272


                                                                    Page  5





            own or other agency's use.  However, a public agency is not  
            required to release an electronic record in an electronic form  
            if its release would jeopardize or compromise the security or  
            integrity of the original record or of any proprietary  
            software in which it is maintained.  (Section 6253.9.) 


          3)Provides that nothing in the Public Records Act shall be  
            construed to require the disclosure of an information security  
            record of a public agency, if, on the facts of the particular  
            case, disclosure of that record would reveal vulnerabilities  
            to, or otherwise increase the potential for an attack on, an  
            information technology system of a public agency.  (Section  
            6254.19.) 


          FISCAL EFFECT:  As currently in print this bill is keyed fiscal.  



          COMMENTS:  California's Public Records Act (PRA) requires that  
          the documents and "writings" of a public agency be open and  
          available for public inspection, unless they are exempt from  
          disclosure.  (Sections 6250-6270.)  The PRA is premised on the  
          principle that "access to information concerning the conduct of  
          the people's business is a fundamental and necessary right of  
          every person in this state."  A "public record" is defined to  
          mean "any writing containing information relating to the conduct  
          of the public's business prepared, owned, used, or retained by  
          any state or local agency regardless of physical form or  
          characteristics."  A "writing" is defined, in turn, to include  
          any "handwriting, typewriting, printing, photostating,  
          photographing, photocopying, transmitting by electronic mail or  
          facsimile, and every other means of recording upon any tangible  
          thing any form of communication or representation, including  
          letters, words, pictures, sounds, or symbols, or combinations  
          thereof, and any record thereby created, regardless of the  
          manner in which the record has been stored."  (Sections  
          6250-6252.)  








                                                                     SB 272


                                                                    Page  6







          Public Record Access in the Digital Age.  Since the PRA was  
          enacted in 1968, public agencies have increasingly created and  
          maintained records in electronic formats that can be searched,  
          indexed, copied, downloaded, and analyzed in countless and  
          creative ways.  Reflecting this new reality, AB 2799 (Chapter  
          982, Statutes of 2000) required local agencies to disclose  
          non-exempt electronic records, where they existed, in an  
          electronic format, so long as doing so would not compromise the  
          integrity of the record.  Importantly, AB 2799 clarified that  
          "Nothing in this section shall be construed to require the  
          public agency to reconstruct a record in an electronic format if  
          the agency no longer has the record available in an electronic  
          format."  (Section 6253.9(c).)  Similar efforts to promote  
          disclosure of electronic records have occurred at the federal  
          level.  For example, in 2012 President Obama signed a U.S.  
          Office of Management and Budget memorandum directing federal  
          agencies to publish information online and in formats that can  
          be easily accessed, searched, and downloaded online using common  
          browsers and search engines.  The executive memorandum declares  
          that "by December 31, 2019, all permanent electronic records in  
          Federal agencies will be managed electronically to the fullest  
          extent possible for eventual transfer [to the National Archives  
          and Records Administration] in an electronic format." (See OMB,  
          Memorandum M-12-18, August 24, 2012.  
          (  https://www.whitehouse.gov/sites/default/files/omb/memoranda/201 
          2/m-12-18.pdf )


          California has made similar efforts in recent years, albeit with  
          limited success.  For example, SB 1002 (Yee, 2012) originally  
          set out to establish a statewide, integrated, open data portal.   
          In its final version, however, the bill more modestly required  
          the state's Chief Information Officer to conduct a study in  
          order to evaluate how the state might go about providing the  
          public with access to electronic records in an open,  
          standardized, and readily accessible format.  This measure was  
          vetoed by Governor Brown, who noted in his veto message that he  








                                                                     SB 272


                                                                    Page  7





          believed a legislatively-mandated study was not necessary to  
          achieve this objective. 


          In the current legislative session, four bills have been  
          introduced that seek to foster "open data" by one means or  
          another.  Two of these bills apply to state agencies: SB 573  
          (Pan) would have the Governor appoint a Chief Data Office to,  
          among other things, create a statewide "open data portal,"  
          thereby creating a single point of entry to access data from  
          several state agencies.  This bill is currently in the Assembly  
          Accountability and Administrative Review Committee.  Similarly,  
          AB 1215 (Ting) would have created the California Open Data Act  
          to require state agencies to make public data available on an  
          Internet Web portal.  That bill, however, was held in the  
          Assembly Appropriations Committee.  One other bill, in addition  
          to the one which is the subject of this analysis, applies to  
          local agencies.  AB 169 (Maienschein) requires any local agency  
          (other than a school district) that posts an electronic public  
          record on its Internet Web site to post the record in a format  
          that allows the record to be retrieved, downloaded, indexed, and  
          searched by a commonly used Internet search application.  That  
          bill is awaiting hearing in the Senate Judiciary Committee. 


          Purpose of this Bill.  The bill presently before this Committee,  
          SB 272, is the other bill this session that applies to local  
          agencies.  The bill's legislative findings and declarations  
          indicate the measure seeks to move government toward "a more  
          effective digital future" by assisting access to government data  
          through "online portals."  However, unlike the bills discussed  
          above, the substantive provisions of SB 272 do not actually  
          require (or even encourage) local agencies to make existing  
          records more accessible (i.e. in an electronic format), much  
          less create open data portals.  Instead, the author states that  
          SB 272 constitutes a first step toward that a larger "open data"  
          goal.  Specifically, SB 272 would require a local agency (other  
          than a school district) to create a "catalog" of its  
          "information technology systems" - that is, the various hardware  








                                                                     SB 272


                                                                    Page  8





          and software programs that it uses for data management purposes.  
           The bill also requires the catalog to be posted on the agency's  
          Internet Website, if it has one.  The catalog would identify the  
          system used by the agency and include the following information:  
          (1) the current system vendor; (2) the current system product;  
          (3) a brief statement of the system's purpose; (4) a general  
          description of the categories and types of data used in the  
          system; (5) the department that serves as the custodian of the  
          system data; (6) how frequently system data is collected; and  
          (7) how frequently system data is updated. 


          Definition of "Information Technology System" A Work In  
          Progress.  A prior version of this bill required a local agency  
          to create a catalog of the "enterprise systems" that it uses.   
          However, many stakeholders representing local agencies  
          reasonably expressed that the definition of "enterprise system"  
          in the bill was vague and uncertain.  The Committee's search of  
          the Internet and other sources turned up no consistent  
          definition of the term "enterprise systems," although several  
          definitions collectively suggested an "integrated" information  
          technology system that an "enterprise" (a private or public  
          sector entity) uses to manage data across its several  
          departments or divisions.  The term "enterprise system" is not  
          used elsewhere in statute.  A more common and familiar term,  
          "information technology system," is used in the PRA.  As most  
          recently amended, this bill uses the term "information  
          technology system," rather than "enterprise system."  It defines  
          "information technology system" to mean the hardware and  
          software that the agency uses to collect, store, exchange, and  
          analyze the information that it collects.  Perhaps more  
          significantly, the bill excludes certain items from the  
          definition of "information technology system," specifically  
          information technology security systems, including firewalls and  
          other cybersecurity systems; records that would reveal  
          vulnerabilities to, or otherwise increase the potential for an  
          attack on, an information technology system of a public agency;  
          and the specific records that the information technology system  
          collects, stores, exchanges, or analyzes. 








                                                                     SB 272


                                                                    Page  9







          Although the definition of "information technology system" in  
          this bill remains too opened-ended, according to the opponents  
          of this bill, the overall purpose of the catalog is intended to  
          create an inventory of the computer systems, including  
          especially data management hardware and software, that a local  
          agency use to handle the data it collects.  Opponents fear the  
          existing definition is still "overly broad and would require  
          that agencies list systems that are for internal purposes" that  
          would not be of use to persons seeking access to public records.  
           As noted below, the author and stakeholders may wish to  
          continue refining the definition of "information technology  
          system" if the bill passes out of this Committee and is referred  
          to the Assembly Local Government Committee. 


          Outstanding Issues and Concerns.  This bill has been the subject  
          of numerous discussions between the author's office, Committee  
          staff, and associations representing local government entities  
          throughout the state.  Although the most recent amendments  
          address many of the concerns of local agency representatives,  
          significant issues remain unresolved.  The most important  
          concerns and sources of opposition relate to determining which  
          "information technology systems" must be included in the  
          catalog; whether vendor name and system product must be included  
          in the catalog; which local government office should be in  
          charge of creating and maintaining the catalog; and whether or  
          not the bill is properly placed in the Public Records Act.  More  
          generally, opponents question whether the uncertain benefits of  
          the legislation are worth the time and money that will be  
          necessary for local agencies to comply with the bill's  
          provisions.  The remainder of this analysis takes up these  
          issues in turn and recommends that the author commit to working  
          with stakeholders to address these concerns if the bill moves  
          out of this Committee and to the Assembly Local Government  
          Committee. 










                                                                     SB 272


                                                                    Page  10





          Limiting Scope of "Information Technology Systems" to the  
          Agency's "Core Services."  Opponents argue that the catalog  
          should be restricted to those "information technology systems"  
          that serve the "core functions" or "core services" of the local  
          agency.  They argue that without such a limitation the catalog  
          could become unwieldy, as the agency would be required to  
          include every piece of hardware and every software application  
          that has been downloaded onto every one of the agency's  
          computers.  For example, an Excel spreadsheet for routine  
          internal office operations could be construed as an "information  
          technology system" under this bill. 


          The problem with this proposal, however, is that "core services"  
          and "core functions" can be just as vague and uncertain as  
          "information technology system" or "enterprise system."  The  
          Urban Counties Caucus has suggested to Committee staff that  
          "core services" could be defined as those which are "essential  
          to the public's health and safety."  For a county, this could  
          include roads, jail, law enforcement, public mental health and  
          other social services.  However, because different agencies  
          provide different services, it would be difficult to develop a  
          definition of what constitutes "core services" for all agencies.  
           Nonetheless, opponents are probably correct that the existing  
          definition is too broad and would need to be limited in some  
          way.  The Committee urges the author to continue working with  
          stakeholders to develop a more circumscribed definition of  
          "information technology systems" if the bill moves forward. 


          Inclusion of System Vendor and System Product.  Another major  
          issue concerns whether an agency should be required to include  
          the system vendor and product in the catalog it creates and  
          posts on its Website.  Several of the letters of opposition  
          contend that including this information will create a  
          cybersecurity risk.  Opponents claim that providing this  
          information will make it easier for hackers and malware  
          distributors, who are familiar with the vulnerabilities unique  
          to certain brands of software or hardware, to breach or  








                                                                     SB 272


                                                                    Page  11





          otherwise compromise agency systems and databases.  The author  
          correctly points out, however, that contracts with service  
          providers are already subject to public records requests, and  
          therefore hackers who wanted to get this information could do so  
          under existing law.  Opponents reasonably counter that the  
          catalog will make it considerably easier for hackers by  
          obviating the need for multiple and often time-consuming request  
          for public records and giving hackers the information that they  
          need in a single location.  In addition, hackers may be  
          reluctant to make public record requests that will leave a trail  
          of their activity.  Finally, opponents contend that contracts do  
          not always contain the most up-to-date information, as updates  
          and new products may be uploaded to the system without a change  
          in the contract.  However, even if the security risk is small,  
          the Committee may wish to inquire how knowing vendor and product  
          information will help the public better access public records.   
          Members of the public generally want access to public records,  
          not the name of the vendor that operates the system managing  
          those records.   


          Who is Responsible for the Catalog?  This bill requires that the  
          catalog be available upon request "in the office of the clerk of  
          the agency's legislative body."  If the clerk is responsible for  
          making the catalog available upon request, then presumably the  
          clerk is also responsible for maintaining the catalog in its  
          office and, presumably, keeping the catalog up to date.  The  
          California Association of Clerks and Elections Officials (CACEO)  
          opposes this bill, unless it is amended, and one of the  
          association's requested amendments is for the bill to leave it  
          up to the legislative body to determine which public entity or  
          official shall have responsibility for maintaining and updating  
          the catalog and responding to requests.  In some cases, the  
          legislative body may choose to assign responsibility to the  
          clerks.  In other cases, it may opt to assign responsibility to  
          a Chief Information Office, or an IT specialist.  At any rate,  
          it seems reasonable for the legislative body to assign the  
          responsibility for maintaining the catalog and making it  
          available upon request to the party it chooses, who may or may  








                                                                     SB 272


                                                                    Page  12
                                                               




          not be the clerk of the legislative body. 


          Should this bill be placed in the Public Records Act?  Although  
          the intent language in this bill proclaims that it serves the  
          purposes of the Public Records Act and Section 3 of Article 1 of  
          the California Constitution, this claim may be open to debate.   
          As an opponent of this bill concisely states, "SB 272 deals with  
          a listing of data systems. CPRA deals with records."  


          The purpose of the PRA is to ensure that people have the right  
          to access "the writings of public officials and agencies."   
          Although the PRA does not say so expressly, it is clear from the  
          legislative history of the PRA, case law interpreting the PRA,  
          and the overall statutory scheme that the purpose of the PRA is  
          to give people access to existing documents that are created and  
          maintained by a public agency in the normal course of its  
          business.  (As discussed in Rogers v. Superior Court (1993) 19  
          Cal.App.4th 469, agencies are not required to recreate documents  
          that have been destroyed or discarded, and thus it would seem to  
          follow that agencies cannot be required to create documents that  
          do not already exist.)  To be sure, this case law has focused on  
          the agency's obligation to the demands of a requester, not to  
          the demands of the Legislature.  But since PRA was enacted in  
          1968, it has hewed to this purpose by addressing required  
          disclosures and exemptions the existing documents created and  
          maintained by public agencies; the Legislature has not, under  
          the PRA, required an agency to create new documents. 


          This proposal appears to expand the purpose of the PRA by  
          requiring the creation of new documents.  The Committee could  
          not find any other provision of the PRA that requires an agency  
          to create a document in this manner.  More revealingly,  
          provisions of the Government Code that do require the creation  
          of documents are not included within the sections that  
          constitute the Public Records Act (Sections 6250-6270, which  
          constitute Chapter 3.5 of Title 1, Division 7 of the Government  








                                                                     SB 272


                                                                    Page  13





          Code), even though those provisions may be tangentially related  
          to public records and information practices.  For example,  
          Government Code Section 11015.5 requires every state agency that  
          collects personal information electronically on the Internet, as  
          specified, to prominently display specified information about  
          the types of personal information it collects and the purpose  
          for which the information is collected.  The section that would  
          be created by this bill appears to have more in common with this  
          provision than it does with the provisions of the Public Records  
          Act dealing with existing records.  


          The placement of this bill's language in the PRA is likely an  
          attempt to avoid the creation of a reimbursable local mandate.   
          The California Constitution provides that whenever the  
          Legislature or any state agency mandates a new program or higher  
          level of service on a local government, the state shall  
          reimburse the local government for the costs of that program or  
          increased level of service.  (Cal. Const. art. XIII B, Section 6  
          [Also See Section 17514, which codifies this principle].)   
          However, Proposition 42 amended the state constitution to  
          eliminate the state's responsibility to pay local governments  
          for the costs that they incur in complying with the Public  
          Records Act.  Historically those costs have included the  
          relatively modest burden of locating and physically retrieving  
          existing documents if and when a public record request is made.   
          Copying costs may be offset by modest fees collected from the  
          requester, so long as the fees do not exceed the actual costs of  
          copying documents.   


          Since Proposition 42 was approved by the voters in 2014, there  
          is more at stake for local governments when it comes to  
          legislative proposals for amending the PRA.  Most notably, in  
          its official analysis of Proposition 42, the Legislative  
          Analyst's Office warned of the possibility that the state  
          legislature might be tempted to place new mandates in the Public  
          Records Act in order to avoid reimbursing local governments.   
          Specifically, the LAO summary wrote the following when  








                                                                     SB 272


                                                                    Page  14





          estimating the potential costs to local governments: 


             Potential Effect on Local Costs: The measure could also  
             change the future behavior of state officials. This is  
             because under Proposition 42, the state could make changes  
             to the Public Records Act and it would not have to pay  
             local governments for their costs. Thus, state officials  
             might make more changes to this law than they would have  
             otherwise. In this case, local governments could incur  
             additional costs-potentially in the tens of millions of  
             dollars annually in the future.  [Emphasis added.]


          Unlike past amendments to the Public Records Act, this bill  
          does not exempt a category of public records from disclosure,  
          remove an existing exemption, or require the disclosure of an  
          existing document.  Indeed, the bill says nothing about what  
          records should or should not be disclosed, which is the  
          primary purpose of the Public Records Act.  Rather, this bill  
          would require local agencies to conduct an inventory of their  
          information technology systems and put it in the form of a  
          new catalog that must contain specified information without  
          reimbursing the agencies for the cost of doing so. 


          Conclusion: If this bill moves forward, the Committee  
          encourages the author, opponents, and concerned stakeholders  
          to consider the following before the bill is heard in the  
          Local Government Committee: 


          1)Whether to place further parameters around the definition  
            of "information technology systems."
          2)Whether it is necessary to include the system vendor and  
            system product in the catalog.


          3)Whether the legislative body should be free to identify an  








                                                                     SB 272


                                                                    Page  15





            appropriate custodian of the catalog. 


          4)Whether the exemption for a "school district" should be  
            changed to the broader, but more commonly used, "local  
            educational agency."


          ARGUMENTS IN SUPPORT:  According to the author, "Local  
          government agencies throughout California possess a potentially  
          powerful tool for improving the lives of Californians: data.  In  
          too many cases, however, local agencies - and the constituents  
          they serve - do not know what data they have collected or how to  
          access it. SB 272 will identify what information is being kept  
          by local agencies, how it is maintained, and who is responsible.  
           Publishing a catalog of this information will reveal how  
          accessible and usable the information is for public review and  
          analysis, and immediately empower Californians to utilize this  
          information."  The author believes that harnessing the power of  
          this data "could help spur economic growth, tackle major  
          infrastructure issues and set millions of Californians on a path  
          toward upward mobility.  Properly gathered and clearly  
          understood data would also help empower state and local agencies  
          to collaborate more effectively and improve service delivery."


          A broad coalition of business groups and trade associations, led  
          by the California Manufacturers & Technology Association,  
          supports SB 272 because they say it will promote "open and  
          accessible local government practices."  The coalition believes  
          that SB 272 is "a critical first step in the process of  
          providing uniformity in understanding where we are today with  
          regard to data collection systems. SB 272 moves California  
          forward in modernizing open government in California."  


          California Forward Action Fund (CFAF) believes that "this bill  
          will modernize California's approach to the California Public  
          Records Act and allow local governments to embrace open data in  








                                                                     SB 272


                                                                    Page  16





          a smart, measured way."  CFAF contends that Proposition 42  
          "paved the way for more innovation in local government record  
          disclosure and created energy to have cities, counties, special  
          districts to embrace open data principles.  However, policy  
          makers must be careful and deliberate about local government  
          data as to not burden systems and staff with new state  
          requirements.  SB 272 finds that balance." 


          Several other groups, from organized labor to the  
          high-technology business sector, support this bill because they  
          believe that requiring local agencies to create catalogs of  
          their data management systems will somehow lead to an integrated  
          and open data system, spur economic growth, and "empower" local  
          agencies to "work together more effectively and to intelligently  
          allocate resources to better deliver public services." 


          ARGUMENTS IN OPPOSITION:  Several associations representing  
          cities, counties, special districts, and an array of other local  
          agencies oppose this bill.  All but one of the groups or  
          associations that originally only submitted letters of "concern"  
          have changed their position to "oppose unless amended."  


          The California Association of Clerks and Elections Officials  
          (CACEO) oppose this bill unless amended to address a number of  
          its concerns.  First, the clerks oppose automatically  
          designating the "clerk of the agency's legislative body" as the  
          custodian of the agency's catalog.  CACEO argues that, depending  
          upon the locality, the clerks, who may or may not be  
          knowledgeable about information systems, may not be the most  
          appropriate agency official to be responsible for the catalog.   
          CACEO therefore recommends that SB 272 be amended to authorize  
          the legislative body to designate the official that it deems  
          most appropriate.  This "could be the IT director, chief  
          information officer or other appropriate official" to "act as  
          custodian of the completed catalog, and make the catalog  
          available to the public." 








                                                                     SB 272


                                                                    Page  17







          CACEO is also "deeply concerned", especially in light of  
          Proposition 42, "that SB 272 would create yet another unfunded  
          mandate on local agencies" by placing its provisions in the PRA.  
           CACEO "sees no nexus between the subject of SB 272 and the  
          subject dealt with in the California Public Records Act. SB 272  
          merely deals with listing of data systems.  The CPRA deals with  
          records . . . Amending the CPRA in the manner that SB 272  
          proposes would create confusion and a measure of conflict with  
          the CPRA as to what constitutes an identifiable record."   
          Therefore, CACEO believes that "SB 272 should be added to the  
          Government Code as a body of law separate from the CPRA." 


          The Urban Counties Caucus (UCC), the Rural County  
          Representatives of California (RCRC), and the California State  
          Sheriffs Association (CSAA), who originally wrote a joint letter  
          of "concern," now oppose this bill unless amended to, among  
          other things, narrow the definition of "information technology  
          systems" to include only the systems used to perform "core  
          services."  They also ask the author to remove the "system  
          vendor" and "system product" from the catalog requirements.  In  
          support of this proposed amendment, they write that "County IT  
          experts have raised a concern with asking for the name of the  
          vendor and the product version.  Many of our modern county  
          software applications are connected to the Internet to provide  
          on-line services to residents and therefore could be vulnerable  
          to malicious hacking.  It is unclear what the public benefit  
          would be in providing the name of the vendor and the product  
          version.  We have also heard from an FBI cyber security expert  
          that providing this type of information should be a concern for  
          municipalities."  UCC, RCRC, and CSAA, like many other local  
          government stakeholders, also oppose placing the provisions of  
          this bill in the PRA.  They write: "Since the passage of  
          Proposition 42, local agencies cannot receive reimbursement for  
          the costs to comply with the California Public Records Act.   
          Therefore, the new requirements in SB 272 would be unfunded and  
          could be costly for counties to comply.  To provide a catalogue  








                                                                     SB 272


                                                                    Page  18





          of all these systems could be time-consuming and it is unclear  
          what benefit much of this information would provide to the  
          general public."


          Finally, SB 272 was opposed by many school districts and other  
          local educational agencies, for many of the same reasons  
          articulated by other opponents.  However, given that the most  
          recent amendments exempt school districts from the bill, they  
          will apparently remove their opposition to the bill, although at  
          the time of this writing only one entity - the California  
          Association of School Administrators - has formally removed its  
          opposition. 


          





          REGISTERED SUPPORT / OPPOSITION:




          Support


          AFSCME 


          Associated Builders and Contractors of California 


          Building Owners and Contractors of California 


          California Asian Pacific Chamber of Commerce 








                                                                     SB 272


                                                                    Page  19







          California Broadcasters Association 


          California Business Properties Association 


          California Business Roundtable 


          California Forward Action Fund 


          California League of Food Processors 


          California Manufacturers & Technology Association 


          California Professional Firefighters


          California Retailers Association 


          Commercial Real Estate Development Association 


          Family Business Association 


          Firearms Policy Coalition  


          International Council of Shopping Centers 


          Los Angeles Business Federation 








                                                                     SB 272


                                                                    Page  20







          National Federation of Independent Businesses 


          San Diego Regional Data Library 


          San Francisco Technology Democrats 


          Sunlight Foundation 


          Urban Strategies Council 




          Concern


          City of Roseville




          Opposition


          Association of California Water Agencies 


          California Association of Clerks and Election Officials 


          California Association of School Business Officials 










                                                                     SB 272


                                                                    Page  21





          California County Superintendents Educational Services  
          Association 


          California Municipal Utilities Association 


          California Police Chiefs Association 


          California State Association of Counties 


          California State Sheriffs Association 


          City of Camarillo 


          City of Diamond Bar


          Desert Water Agency 


          El Dorado Irrigation District 


          League of California Cities 


          Los Angeles Unified School District


          Madera County Board of Supervisors 


          Municipal Information Systems Association of California 









                                                                     SB 272


                                                                    Page  22






          Newhall County Water District  


          Orange County Department of Education


          Rowland Water District 


          Rural County Representatives of California


          San Diego Unified School District


          Urban County Caucuses 


          Analysis Prepared by:Thomas Clark / JUD. / (916)  
          319-2334