BILL ANALYSIS                                                                                                                                                                                                    

                                                                     SB 272  

                                                                    Page  1

          Date of Hearing:  August 19, 2015


                                 Jimmy Gomez, Chair

          SB 272  
          (Hertzberg) - As Amended August 17, 2015

          |Policy       |Judiciary                      |Vote:|10 - 0       |
          |Committee:   |                               |     |             |
          |             |                               |     |             |
          |             |                               |     |             |
          |             |Local Government               |     |9 - 0        |
          |             |                               |     |             |
          |             |                               |     |             |
          |             |                               |     |             |
          |             |                               |     |             |
          |             |                               |     |             |

          Urgency:  No  State Mandated Local Program:  YesReimbursable:   


          This bill requires cities, counties, special districts, and  
          joint powers authorities, by July 2016, to create a catalogue of  
          their enterprise systems and make the catalog available to the  


                                                                     SB 272  

                                                                    Page  2

          public, including on the agency's website. Specifically, this  

          1)Defines "enterprise system" as a software application or  
            computer system that collects, stores, exchanges, and analyzes  
            information used by the public agency that is: (a) a  
            multi-departmental system or a system that contains  
            information collected about the public; and (b) a "system of  
            record," i.e. serving as an original source of data within an  

          2)Stipulates that an enterprise system does not include:

             a)   Information technology security systems, including  
               firewalls and other cybersecurity systems;
             b)   Physical access control systems, employee identification  
               management systems, video monitoring, and other physical  
               control systems;

             c)   Infrastructure and mechanical control systems, including  
               those that control or manage street lights, or water or  
               sewer functions;

             d)   Systems related to 911 dispatch and operation or  
               emergency services;

             e)   Systems that would be restricted from disclosure  
               pursuant to existing law, as specified, which exempts from  
               the California Public Records Act (CPRA) the disclosure of  
               information security records that would reveal  
               vulnerabilities of an information technology system or  


                                                                     SB 272  

                                                                    Page  3

               increase the potential for cyber attacks, as specified;  

             f)   The specific records that the information technology  
               system collects, stores, exchanges, or analyzes.

          3)Requires that the catalog, for each system, disclose:

             a)   Current system vendor;
             b)   Current system product;

             c)   A brief statement of the system's purpose;

             d)   A general description of categories or types of data;

             e)   The department that serves as the system's primary  

             f)   How frequently system data is collected; and,

             g)   How frequently system data is updated.



                                                                     SB 272  

                                                                    Page  4

          FISCAL EFFECT:

          Proposition 42 was passed by voters on June 3, 2014, and  
          requires all local governments to comply with the CPRA and the  
          Ralph M. Brown Act (Brown Act) and with any subsequent changes  
          to those Acts.  Proposition 42 also eliminated reimbursements to  
          local agencies for costs of complying with the CPRA and the  
          Brown Act.

          As the bill furthers the purpose of the CPRA, local agencies'  
          costs to create catalogues of their respective enterprise  
          systems would be nonreimbursable.


          1)Purpose. According to the author, "? SB 272 will identify what  
            information is being kept by local agencies, how it is  
            maintained, and who is responsible.  Publishing a catalog of  
            this information will reveal how accessible and usable the  
            information is for public review and analysis, and immediately  
            empower Californians to utilize this information. 

            "There are thousands of local public agencies that collect  
            information on critical government programs and services.  The  
            data include everything from building permits and public parks  
            to potholes and public transportation.  Harnessing the power  
            of this locally generated data could help spur economic  
            growth, tackle major infrastructure issues and set millions of  
            Californians on a path toward upward mobility.  Properly  
            gathered and clearly understood data would also help empower  
            state and local agencies to collaborate more effectively and  


                                                                     SB 272  

                                                                    Page  5

            improve service delivery."

            A broad association of business groups and trade associations  
            support the bill, asserting that it will promote open and  
            accessible government practices.

          2)Opposition. Local governments are concerned with costs related  
            to the unfunded mandate of this bill and have cyber  
            security-related concerns about including system vendor and  
            system product as elements of the catalog.

          3)Related Legislation. AB 169 (Maienschein), pending in the  
            Senate Appropriations, establishes open format requirements  
            for posting a public record if a local agency maintains an  
            "open data" Internet Resource, as specified, and voluntarily  
            posts the public record.

            AB 1215 (Ting), which creates the California Open Data Act and  
            the position of Chief Data Officer, and requires state  
            agencies to make public data, as defined, available on an web  
            portal, was held on this committee's Suspense file.

            SB 573 (Pan), pending in this committee, requires the Governor  
            to appoint a Chief Data Officer.



                                                                     SB 272  

                                                                    Page  6

          Analysis Prepared by:Chuck Nicol / APPR. / (916)