Home > News > News Articles > 2016 > September > SB 272 Compliance Deadline Passed with Many Agencies Out of Compliance
News Feed

SB 272 Compliance Deadline Passed with Many Agencies Out of Compliance

Free Resources Available to Make Compliance Easy

September 23, 2016
The Legislature expanded the California Public Records Act in 2015 by requiring local agencies to create and make available online a catalog of enterprise systems.
 
This catalog must be made public upon request and be posted in a prominent location on the local agency’s website. SB 272 went into effect on July 1 and going forward cities will need to annually update the public data. Over 140 agencies missed the July 1, 2016 compliance date. The good news is that compliance can be simple using free and publicly available tools.

Enterprise System Definition 
 
Enterprise system refers to software application or a computer system that collects, stores, exchanges, and analyzes information that the agency uses that is both of the following:
  • A multi-departmental system or a system that contains information collected about the public; and
  • A system of record. 
For example, an enterprise system could be a constituent management system, the city’s council meeting management system, or a general financial management system used for budgeting and analytics by the finance department.
 
The city of Lancaster and Town of Apple Valley provide examples of how to be in compliance.
 
Resources on Enterprise System Catalogs
 
There are a variety of resources available to help local agencies comply including: Information on What to Upload and Link
 
A list or catalog (PDF document) describing each systems’ purpose, product name and vendor, primary users (custodians) and frequency of collection and updates must be posted in a prominent location on a local agency’s website, if the agency has a website. This list needs be updated annually.
 
Please note that the term “prominent location” is not defined in state law, so this is up to the individual city’s judgment. That being said, it would be wise to err on the side of caution and place it somewhere very prominent on the agency homepage.
 
Items Excluded
 
Enterprise systems do not include cybersecurity systems, infrastructure and mechanical control systems, or information that would reveal vulnerabilities to, or otherwise increase the potential for an attack on, a public agency's IT system. Additionally, SB 272 does not automatically require disclosure of the specific records that the IT systems collect, store, exchange or analyze, however, the Public Records Act's other provisions pertaining to disclosure of such records still apply. If the public interest served by not disclosing the information described clearly outweighs the public interest served by disclosure, the local agency may instead provide a system name, brief title or identifier of the system.
 
Assistance
 
Digital Deployment is happy to answer questions on this process or provide other assistance.
 
If you need help or have additional questions, the Digital Deployment, Inc. team is a good resource.
 
MISAC has also developed a compliance tool for members. Questions about MISAC’s tool can be directed to Anand Rao, IT manager with the city of Garden Grove.


 
© League of California Cities