SB 272 Compliance Deadline Passed with Many Agencies Out of Compliance

This catalog must be made public upon request and be posted in a prominent location on the local agency’s website. SB 272 went into effect on July 1 and going forward cities will need to annually update the public data. Over 140 agencies missed the July 1, 2016 compliance date. The good news is that compliance can be simple using free and publicly available tools.

Enterprise System Definition 
 
Enterprise system refers to software application or a computer system that collects, stores, exchanges, and analyzes information that the agency uses that is both of the following:

• A multi-departmental system or a system that contains information collected about the public; and
• A system of record. 

For example, an enterprise system could be a constituent management system, the city’s council meeting management system, or a general financial management system used for budgeting and analytics by the finance department.
 
The city of Lancaster and Town of Apple Valley provide examples of how to be in compliance.
 
Resources on Enterprise System Catalogs
 
There are a variety of resources available to help local agencies comply including:

• A step-by-step guide on how to create an enterprise system catalog;
• A free tool provided by Streamline, a division of Digital Deployment, Inc.;
• Information on how to hyperlink the system catalog to your agency’s website;
• SB 272 compliance FAQ; and
• Municipal Information Systems Association of California (MISAC) Tool and Instructions.
  • (For MISAC members only: please contact MISAC for your personalized log-in credentials). 

Information on What to Upload and Link
 
A list or catalog (PDF document) describing each systems’ purpose, product name and vendor, primary users (custodians) and frequency of collection and updates must be posted in a prominent location on a local agency’s website, if the agency has a website. This list needs be updated annually.
 
Please note that the term “prominent location” is not defined in state law, so this is up to the individual city’s judgment. That being said, it would be wise to err on the side of caution and place it somewhere very prominent on the agency homepage.
 
Items Excluded
 
Enterprise systems do not include cybersecurity systems, infrastructure and mechanical control systems, or information that would reveal vulnerabilities to, or otherwise increase the potential for an attack on, a public agency's IT system. Additionally, SB 272 does not automatically require disclosure of the specific records that the IT systems collect, store, exchange or analyze, however, the Public Records Act's other provisions pertaining to disclosure of such records still apply. If the public interest served by not disclosing the information described clearly outweighs the public interest served by disclosure, the local agency may instead provide a system name, brief title or identifier of the system.
 
Assistance
 
Digital Deployment is happy to answer questions on this process or provide other assistance.
 
If you need help or have additional questions, the Digital Deployment, Inc. team is a good resource.
 
MISAC has also developed a compliance tool for members. Questions about MISAC’s tool can be directed to Anand Rao, IT manager with the city of Garden Grove.