BILL ANALYSIS �Ó
SB 272
Page 1
Date of Hearing: August 19, 2015
ASSEMBLY COMMITTEE ON APPROPRIATIONS
Jimmy Gomez, Chair
SB 272
(Hertzberg) - As Amended August 17, 2015
-----------------------------------------------------------------
|Policy |Judiciary |Vote:|10 - 0 |
|Committee: | | | |
| | | | |
| | | | |
|-------------+-------------------------------+-----+-------------|
| |Local Government | |9 - 0 |
| | | | |
| | | | |
|-------------+-------------------------------+-----+-------------|
| | | | |
| | | | |
| | | | |
-----------------------------------------------------------------
Urgency: No State Mandated Local Program: YesReimbursable:
No
SUMMARY:
This bill requires cities, counties, special districts, and
joint powers authorities, by July 2016, to create a catalogue of
their enterprise systems and make the catalog available to the
�
SB 272
Page 2
public, including on the agency's website. Specifically, this
bill:
1)Defines "enterprise system" as a software application or
computer system that collects, stores, exchanges, and analyzes
information used by the public agency that is: (a) a
multi-departmental system or a system that contains
information collected about the public; and (b) a "system of
record," i.e. serving as an original source of data within an
agency.
2)Stipulates that an enterprise system does not include:
a) Information technology security systems, including
firewalls and other cybersecurity systems;
b) Physical access control systems, employee identification
management systems, video monitoring, and other physical
control systems;
c) Infrastructure and mechanical control systems, including
those that control or manage street lights, or water or
sewer functions;
d) Systems related to 911 dispatch and operation or
emergency services;
e) Systems that would be restricted from disclosure
pursuant to existing law, as specified, which exempts from
the California Public Records Act (CPRA) the disclosure of
information security records that would reveal
vulnerabilities of an information technology system or
�
SB 272
Page 3
increase the potential for cyber attacks, as specified;
and,
f) The specific records that the information technology
system collects, stores, exchanges, or analyzes.
3)Requires that the catalog, for each system, disclose:
a) Current system vendor;
b) Current system product;
c) A brief statement of the system's purpose;
d) A general description of categories or types of data;
e) The department that serves as the system's primary
custodian;
f) How frequently system data is collected; and,
g) How frequently system data is updated.
�
SB 272
Page 4
FISCAL EFFECT:
Proposition 42 was passed by voters on June 3, 2014, and
requires all local governments to comply with the CPRA and the
Ralph M. Brown Act (Brown Act) and with any subsequent changes
to those Acts. Proposition 42 also eliminated reimbursements to
local agencies for costs of complying with the CPRA and the
Brown Act.
As the bill furthers the purpose of the CPRA, local agencies'
costs to create catalogues of their respective enterprise
systems would be nonreimbursable.
COMMENTS:
1)Purpose. According to the author, "? SB 272 will identify what
information is being kept by local agencies, how it is
maintained, and who is responsible. Publishing a catalog of
this information will reveal how accessible and usable the
information is for public review and analysis, and immediately
empower Californians to utilize this information.
"There are thousands of local public agencies that collect
information on critical government programs and services. The
data include everything from building permits and public parks
to potholes and public transportation. Harnessing the power
of this locally generated data could help spur economic
growth, tackle major infrastructure issues and set millions of
Californians on a path toward upward mobility. Properly
gathered and clearly understood data would also help empower
state and local agencies to collaborate more effectively and
�
SB 272
Page 5
improve service delivery."
A broad association of business groups and trade associations
support the bill, asserting that it will promote open and
accessible government practices.
2)Opposition. Local governments are concerned with costs related
to the unfunded mandate of this bill and have cyber
security-related concerns about including system vendor and
system product as elements of the catalog.
3)Related Legislation. AB 169 (Maienschein), pending in the
Senate Appropriations, establishes open format requirements
for posting a public record if a local agency maintains an
"open data" Internet Resource, as specified, and voluntarily
posts the public record.
AB 1215 (Ting), which creates the California Open Data Act and
the position of Chief Data Officer, and requires state
agencies to make public data, as defined, available on an web
portal, was held on this committee's Suspense file.
SB 573 (Pan), pending in this committee, requires the Governor
to appoint a Chief Data Officer.
�
SB 272
Page 6
Analysis Prepared by:Chuck Nicol / APPR. / (916)
319-2081