BILL NUMBER: AB 578 AMENDED
BILL TEXT
AMENDED IN SENATE JUNE 28, 2004
AMENDED IN SENATE JUNE 23, 2004
AMENDED IN ASSEMBLY JULY 3, 2003
AMENDED IN ASSEMBLY MAY 12, 2003
AMENDED IN ASSEMBLY MAY 5, 2003
AMENDED IN ASSEMBLY MAY 1, 2003
AMENDED IN ASSEMBLY APRIL 24, 2003
INTRODUCED BY Assembly Member Leno
FEBRUARY 18, 2003
An act to add Article 6 (commencing with Section 27390) to Chapter
6 of Division 2 of Title 3 of the Government Code, relating to
county recorders, making an appropriations therefor, and declaring
the urgency thereof, to take effect immediately.
LEGISLATIVE COUNSEL'S DIGEST
AB 578, as amended, Leno. County recorders: electronic
recording.
(1) Existing law generally specifies that the recorder of any
county may, in lieu of a written paper, accept for recording a
digitized image of a recordable instrument, subject to specified
conditions.
This bill would enact the Electronic Recording Delivery Act of
2004, to authorize a county recorder, upon approval by resolution of
the board of supervisors and system certification by the Attorney
General, to establish an electronic recording delivery system for the
delivery and recording of specified digitized and digital electronic
records, subject to specified conditions, including system
certification, regulation, and oversight by the Attorney General. It
would require participating counties to pay for the direct cost of
regulation and oversight by the Attorney General, and authorize those
counties to impose fees to cover those costs. It would authorize
the Attorney General to charge a fee directly to a vendor seeking
approval of software hardware, software,
firmware, and other services as part of an electronic recording
delivery system. Fees paid to the Attorney General under these
provisions would be deposited in an unspecified account, which would
be created in the Special Deposit Fund and continuously appropriated
to the Attorney General for these purposes.
This bill would authorize the Attorney General or a district
attorney or city prosecutor to seek specified civil remedies.
The Attorney General would be required to evaluate the electronic
recording delivery systems, and report to both houses of the
Legislature on or before June 30, 2009.
(2) This bill would declare that it is to take effect immediately
as an urgency statute.
Vote: 2/3. Appropriation: yes. Fiscal committee: yes.
State-mandated local program: no.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. (a) It is the intent of the Legislature to enact
legislation to develop a system to permit the electronic delivery,
recording, and return of records that are instruments of
reconveyance, substitutions of trustees, or assignments of deeds of
trust.
(b) It is the further intent of the Legislature that electronic
recording delivery systems be a voluntary county option subject to
regulation to promote security and uniformity, reduce costs, and
deter real estate fraud.
SEC. 2. Article 6 (commencing with Section 27390) is added to
Chapter 6 of Division 2 of Title 3 of the Government Code, to read:
Article 6. Electronic Recording Delivery Act of 2004
27390. (a) This article shall be known and may be cited as the
Electronic Recording Delivery Act of 2004.
(b) For the purposes of this article, the following definitions
shall apply:
(1) "Authorized submitter" means a title insurer, an underwritten
title company, an entity of local, state, or federal government, or
an institutional lender, as defined in subdivision (j) of Section
50003 of the Financial Code, or the agents or employees of any of
these, who has entered into a contract with a county recorder
pursuant to subdivision (b) of Section 27391, and contracted
with a vendor use hardware, software, or firmware
approved by the Attorney General pursuant to subdivision (b) of
Section 27392.
(2) "Computer security auditor" means computer security personnel
hired to perform an independent audit on the electronic recording
delivery system, approved pursuant to Section 27394 and not
disqualified pursuant to Section 27395. The computer security
auditor shall be independent of the county recorder and the
authorized submitter and shall not be the same contractor hired to
establish or participate in a county's electronic recording delivery
system or in the authorized submitter's portion of that system.
(3) "Digital electronic record" means a record that is created,
generated, sent, communicated, or stored by electronic means, but not
created in original paper form.
(4) "Digitized electronic record" means a scanned image of the
original paper document.
(5) "Electronic recording delivery system" means a system designed
to receive for recording, and to return to the party requesting
recording, digitized or digital electronic records.
(6) "Security testing" means an independent security audit by a
computer security auditor, including, but not limited to, attempts to
penetrate an electronic recording delivery system for the purpose of
testing the security of that system.
(7) "Source code" means a program or set of programs, readable and
maintainable by humans, translated or interpreted into a form that
the electronic recording delivery system can execute.
(8) "System certification" means the issuance of a confirmation
letter regarding an electronic recording delivery system by the
Attorney General, as described in Section 27392.
27391. (a) Upon approval by resolution of the board of
supervisors and system certification by the Attorney General, a
county recorder may establish an electronic recording delivery
system.
(b) (1) Upon system certification, a county recorder may enter
into a contract with a title insurer, an underwritten title company,
an entity of local, state, or federal government, or an institutional
lender, as defined in subdivision (j) of Section 50003 of the
Financial Code, to facilitate the delivery for recording, and return
to the party requesting recording, of a digital electronic record, or
a digitized electronic record, that is an instrument of
reconveyance, substitution of trustee, or assignment of a deed of
trust.
(2) Any party entering into a contract with a county recorder
pursuant to paragraph (1) shall contract with a vendor
use hardware, software, or firmware approved by
the Attorney General that does not allow "secure access," as
defined by the Attorney General in subdivision (f) of Section 27395,
by authorized submitters to the electronic recording delivery system
in implementing that contract.
(c) If a county recorder elects to utilize an electronic recording
delivery system pursuant to this article, he or she may refuse to
enter into a contract with any party or may terminate or suspend
access to a system if the county recorder deems it necessary to
protect the public interest, protect the integrity the of public
records, or protect property owners from financial harm. A county
recorder may also terminate or suspend access to a system in the
event a party commits a substantive breach of the contract or does
not comply with this article or the regulations adopted pursuant to
this article.
(d) No cause of action or liability against the county
recorder or any other government entity shall occur or arise from the
decision of the county recorder to refuse to contract with any party
or to terminate or deny access of any party to the system.
(e) A county recorder may require a party electronically
submitting records to mail a copy of recorded electronic document to
the address specified in the instructions for mailing upon completion
of recording.
(e) No cause of action or liability against the county recorder or
any other government entity shall occur or arise from the decision
of the county recorder to refuse to contract with any party or to
terminate or deny access of any party to the system.
(f) When a signature is required to be accompanied by a notary's
seal or stamp, that requirement is satisfied if the electronic
signature of the notary contains all of the following:
(1) The name of the notary.
(2) The words "Notary Public."
(3) The name of the county where the bond and oath of office of
the notary are filed.
(4) The sequential identification number assigned to the notary,
if any.
(5) The sequential identification number assigned to the
manufacturer or vendor of the notary's physical or electronic seal,
if any.
(g) In addition to, and notwithstanding Section 27361.5, a county
recorder, with approval by resolution of the board of supervisors,
may require, but need not be limited to, the following index
information on the first page or sheet of a digital or digitized
electronic document presented for recording:
(1) The parcel identifier number of the real estate.
(2) The address of the real estate, to the extent available.
(3) The name of the authorized submitter presenting the document
for recording.
(4) The name of the authorized requestor of a document for
recording.
(5) The marital, corporate, partnership, or other similar legal
status of a person who is a party to the document.
(6) The date of the document.
(7) The number of pages or sheets contained in the record,
including the first page or sheet.
(8) The transmittal information to identify the sender and provide
recording record information.
(9) If the document is a grant deed, quitclaim deed, or deed of
trust, evidence that the grantor has given informed consent to the
use of an electronic document.
27392. (a) No electronic recording delivery system may become
operational without system certification by the Attorney General.
The certification shall affirm that the proposed county system
conforms to this article and any regulations adopted pursuant to this
article, that security testing has confirmed that the system is
secure and that the proposed operating procedures are sufficient to
assure the continuing security and lawful operation of that system.
The certification may include any agreements between the county
recorder and the Attorney General as to the operation of the system,
including, but not limited to, the nature and frequency of computer
security audits. Certification may be withdrawn for good cause.
(b) The Attorney General shall approve vendors offering
software hardware, software, firmware, and other
services for electronic recording delivery systems pursuant to
regulations adopted as described in paragraph (7) of subdivision (b)
of Section 27393.
27393. (a) The Attorney General shall, in consultation with the
County Recorders Association of California and the California
District Attorneys Association, adopt regulations for the review,
approval, and oversight of electronic recording delivery systems.
Other interested parties may be consulted. Regulations shall be
adopted pursuant to the Administrative Procedure Act (Chapter 3.5
(commencing with Section 11340) of Part 1 of Division 3). The
regulations shall comply with Section 12168.7.
(b) The regulations adopted pursuant to subdivision (a) may
include, but need not be limited to, all of the following:
(1) Establishment of baseline technological and procedural
specifications for electronic recording delivery systems.
(2) Requirements for security, capacity, reliability, and
uniformity.
(3) Requirements as to the nature and frequency of computer
security audits.
(4) A detailed and uniform definition of the term "source code"
consistent with paragraph (7) of subdivision (b) of Section 27390,
and as used in this article, and applicable to each county's
electronic recording delivery system.
(5) Requirements for placement of a copy of the operating system,
source code, compilers, and all related software associated with each
county's electronic recording delivery system in an approved escrow
facility prior to that system's first use.
(6) Requirements for ensuring approval by the Attorney General of
substantive modifications to an operating system, compilers, related
software, or source code.
(7) Procedures for approval of vendors offering software
hardware, software, firmware, and other services
for electronic recording delivery systems.
(8) Requirements for system certification and for oversight of
approved systems.
(9) Requirements for fingerprinting and criminal records checks
required by Section 27395, including a list of employment positions
or classifications subject to criminal records checks and including a
definition of "secure access" as specified in subdivision (f) of
that section.
(10) Requirements for uniform index information that shall be
included in every digitized or digital electronic record.
(11) Provisions to protect proprietary information accessed
pursuant to subdivision (e) of Section 27394 from public disclosure.
(c) The Attorney General may promulgate any other regulations
necessary to fulfill his or her obligations under this article.
(d) An electronic recording delivery system shall be subject to
local inspection and review by the Attorney General. The Attorney
General shall furnish a statement of any relevant findings associated
with a local inspection to the county recorder of a county
participating in the inspected electronic recording delivery system,
to the district attorney, and to all technology vendors associated
with that system.
27394. (a) To be eligible to establish an electronic recording
delivery system, a county recorder shall contract with, and obtain a
report from, a computer security auditor selected from a list of
computer security auditors approved by the Attorney General.
(b) The Attorney General shall approve computer security auditors
on the basis of significant experience in the evaluation and analysis
of Internet security design, the conduct of security testing
procedures, and specific experience performing Internet penetration
studies. The Attorney General shall complete the approval of
security auditors within 90 days of a request from a county recorder.
The list shall be a public record.
(c) An electronic recording delivery system shall be audited, at
least once during the first year of operation and periodically
thereafter, as set forth in regulation and in the system
certification, by a computer security auditor. The computer security
auditor shall conduct security testing of the electronic recording
delivery system. The reports of the computer security auditor shall
include, but not be limited to, all of the following considerations:
(1) Safety and security of the system, including the vulnerability
of the electronic recording delivery system to fraud or penetration.
(2) Results of testing of the system's protections against fraud
or intrusion, including security testing and penetration studies.
(3) Recommendations as to the need for If
an auditor finds a security breach, or the imminent threat of a
security breach, but is unable to find the source of that breach in
the electronic recording system, then the auditor may recommend
security testing of an authorized submitter's system, pursuant to
subdivision (e).
(4) Recommendations for any additional precautions needed to
ensure that the system is secure.
(d) Upon completion, the reports and any response to any
recommendations shall be transmitted to the board of supervisors, the
county recorder, the county district attorney, and the Attorney
General. These entities are authorized to take appropriate
action based upon the recommendations and findings of the auditor.
(e) (1) A computer security auditor shall have access to any
aspect of an electronic recording delivery system, in any form
requested. Computer security auditor access shall include, but not
be limited to, permission for a thorough examination of source code
and the associated approved escrow facility, and necessary
authorization and assistance for a penetration study of that system.
(2) If it is necessary to extend security testing to any portion
of an authorized submitter's system, an authorized submitter may
employ, at its own expense, a computer security auditor for this
aspect of security testing. The security auditor shall meet all the
requirements of this section and shall complete and submit all
security testing and reports as required by this article and any
regulations adopted pursuant to this article.
(f) If the county recorder, a computer security auditor, a
district attorney for a county participating in the electronic
recording delivery system, or the Attorney General reasonably
believes that an electronic recording delivery system is vulnerable
to fraud or intrusion, the county recorder, the board of supervisors,
the district attorney, and the Attorney General shall be immediately
notified. The county recorder shall immediately take the necessary
steps to guard against any compromise of the electronic recording
delivery system, including, if necessary, the suspension of an
authorized submitter or of the electronic recording delivery system.
27395. (a) No person shall be a computer security auditor or be
granted secure access to an electronic recording delivery system if
he or she has been convicted of a felony, has been convicted of a
misdemeanor related to theft, fraud, or a crime of moral turpitude,
or if he or she has pending criminal charges for any of these crimes.
A plea of guilty or no contest, a verdict resulting in conviction,
or the forfeiture of bail, shall be a conviction within the meaning
of this section, irrespective of a subsequent order under Section
1203.4 of the Penal Code.
(b) All persons entrusted with secure access to an electronic
recording delivery system shall submit fingerprints to the Department
of Justice for a criminal records check according to regulations
adopted pursuant to Section 27393.
(c) Once the Department of Justice has ascertained the criminal
history information, it shall forward written notification of
criminal convictions or pending criminal charges, or both, to the
division of the office of Attorney General charged with oversight
duties regarding this article. The Attorney General shall request
subsequent arrest notification service from the Department of Justice
pursuant to Section 11105.2 of the Penal Code for all persons
subject to a criminal records check pursuant to this section.
(d) The Attorney General shall deliver written notification of an
individual's ineligibility for access to an electronic recording
delivery system to the individual, his or her known employer, the
computer security auditor, and the county recorder.
(e) The Department of Justice may charge a fee sufficient to cover
its costs under this section.
(f) The Attorney General shall define "secure access" for purposes
of this section by regulation and by agreement with the county
recorder in the system certification. The definition of "secure
access" shall in no way limit the electronic recording delivery
system from receiving digital records pursuant to paragraph (1) of
subdivision (b) of Section 27391.
(g) Authorized submitters, as defined in paragraph (1) of
subdivision (b) of Section 27390, are not subject to the requirements
of this section unless it is necessary for them to have secure
access to the electronic recording delivery system.
27396. (a) The Attorney General shall monitor the security of
electronic recording delivery systems statewide, in close cooperation
with county recorders and public prosecutors. In the event of an
emergency involving multiple fraudulent transactions linked to one
county's use of an electronic recording delivery system, the Attorney
General may order the suspension of electronic recording delivery
systems in any county or in multiple counties, if necessary to
protect the security of the system, for a period of up to seven court
days. The Attorney General may seek an order from the superior
court if it is necessary to extend this order.
(b) (1) The Attorney General, a district attorney, or a city
prosecutor may bring an action in the name of the people of the state
seeking declaratory or injunctive relief, restitution for damages or
economic loss, rescission, or other equitable relief pertaining to
any alleged violation of this article or regulations adopted pursuant
to this article. Injunctive relief may include, but is not limited
to, an order suspending a party from participation in the electronic
recording delivery system, on a temporary or permanent basis.
(2) Nothing in this subdivision shall be construed to prevent the
Attorney General, a district attorney, or a city prosecutor from
seeking legal or equitable relief under any other provision of law.
27397. (a) A county establishing an electronic recording delivery
system under this article shall pay for the direct cost of
regulation and oversight by the Attorney General.
(b) The Attorney General may charge a fee directly to a vendor
seeking approval of software hardware,
software, firmware, and other services as part of an electronic
recording delivery system. The fee shall not exceed the reasonable
costs of approving software hardware,
software, firmware, or other services for vendors.
(c) In order to pay costs under this section, a county may do any
of the following:
(1) Impose a fee in an amount up to and including one dollar ($1)
for each instrument that is recorded by the county. This fee may, at
the county's discretion, be limited to instruments that are recorded
pursuant to the electronic recording delivery system.
(2) Impose a fee upon any vendor seeking approval of software and
other services as part of an electronic recording delivery system.
(3) Impose a fee upon any person seeking to contract as an
authorized submitter.
(d) The total fees assessed by a county recorder pursuant to this
section may not exceed the reasonable total costs of the electronic
recording delivery system, the review and approval of vendors and
potential authorized submitters, security testing as required by this
article and the regulations of the Attorney General, and
reimbursement to the Attorney General for regulation and oversight of
the electronic recording delivery system.
(e) Fees paid to the Attorney General pursuant to subdivisions (a)
and (b) shall be deposited in the ____ Account, which is hereby
created in the Special Deposit Fund, and, notwithstanding Section
13340, is continuously appropriated, without regard to fiscal years,
to the Attorney General for the costs described in those
subdivisions.
27398. The Attorney General shall conduct an evaluation of
electronic recording delivery systems authorized by this article, and
report to both houses of the Legislature on or before June 30, 2009.
(a) The evaluation shall include an analysis of costs, cost
savings, security and real estate fraud prevention, and
recommendations as to improvements and possible expansion of the
provisions of this article.
(b) (1) It is the intent of the Legislature that the electronic
delivery, recording, and return of digital and digitized electronic
records pursuant to this article be limited to an instrument of
reconveyance, a substitution of trustee, or an assignment of deed of
trust, because these documents pose less risk of real estate fraud
loss to property owners and financial institutions than other
documents affecting the right, title, or interest in real property.
(2) Therefore, the evaluation conducted under this section shall
also include a study of the feasibility of expanding the provisions
of this article to cover the delivery, recording, and return of other
digital and digitized electronic records.
27399. (a) The authority granted in this article is in addition
to any other authority or obligation under state or federal law.
(b) Nothing in this article shall be construed to repeal or affect
Section 27279, 27279.1, 27279.2, 27297.6, 27387.1, or 27399.7.
SEC. 3. This act is an urgency statute necessary for the immediate
preservation of the public peace, health, or safety within the
meaning of Article IV of the Constitution and shall go into immediate
effect. The facts constituting the necessity are:
In order that county recorders may alleviate fiscal constraints by
implementing electronic recording delivery systems at the earliest
possible time, it is necessary for this act to take effect
immediately.