BILL ANALYSIS �
AB 2091
Page 1
CONCURRENCE IN SENATE AMENDMENTS
AB 2091 (Conway)
As Amended June 29, 2010
Majority vote
-----------------------------------------------------------------
|ASSEMBLY: |76-0 |(May 13, 2010) |SENATE: |34-0 |(August 2, |
| | | | | |2010) |
-----------------------------------------------------------------
Original Committee Reference: G.O.
SUMMARY : Exempts from disclosure under the California Public
Records Act (CPRA) information security records that would
reveal vulnerabilities of an information technology system or
increase the potential for cyber attacks.
The Senate amendments make technical and clarifying changes.
EXISTING LAW :
1)Requires, under CPRA, state and local agencies to make public
records available upon receipt of a request that reasonably
describes an identifiable record not otherwise exempt from
disclosure.
2)Defines a state agency as every state office, officer,
department, division, bureau, board, and commission
or other state body or agency, except those agencies provided
for in Article IV (except Section 20 thereof) or Article VI of
the California Constitution.
3)Exempts from public disclosure records of intelligence
information or security procedures of various state agencies,
as specified.
4)Exempts from public disclosure documents prepared by or for a
state or local agency that assess vulnerability to terrorist
attack or other criminal acts intended to disrupt that public
agency's operations.
5)Entrusts the Office of the State Chief Information Officer
(OCIO) with the task of establishing and enforcing state
information technology strategic plans, policies, standards,
and enterprise architecture.
�
AB 2091
Page 2
6)Requires the OCIO to prepare an annual information technology
strategic plan that shall guide the acquisition, management,
and use of information technology.
AS PASSED BY THE ASSEMBLY , this bill exempts the information
security reports of a state agency from the CPRA.
FISCAL EFFECT : This bill is keyed non-fiscal.
COMMENTS : This bill is intended to provide a specific exemption
from disclosure under the CPRA to protect California residents
from information security breaches.
This bill provides that nothing in the CPRA shall be construed
to require the disclosure of an information security record of a
public agency, if, on the facts of the particular case,
disclosure of that record would reveal vulnerabilities to, or
otherwise increase the potential for an attack on, an
information technology system of a public agency. According to
this bill's sponsor, OCIO, nothing in this bill shall be
construed to limit public disclosure of records stored within an
information technology system of a public agency that are not
otherwise exempt from disclosure pursuant to the provisions of
the CPRA or any other provision of law.
Analysis Prepared by : Rod Brewer / G.O. / (916) 319-2531
FN: 0005595