Which Enterprise Systems Are Covered by SB 272
Governor Brown approved SB 272 in October 2015, adding section
6270.5 to the California Public Records Act (the “Act,”
Government Code Sections 6250-6276.48). Section 6270.5 defines an
enterprise system as a software application or computer system
that collects, stores, exchanges, and analyzes information that
the agency uses that is (1) a multi-departmental system or system
that contains information collected about the public and (2) a
system of record. A system of record means a system that serves
as an original source of data within an agency. SB 272 requires
that local agencies create a catalog of multi-departmental
systems or systems containing information about the public that
store original records, and then post the catalog on their
website.
Which Systems Are Excluded
Enterprise systems do not include cybersecurity systems,
infrastructure and mechanical control systems, or information
that would reveal vulnerabilities to, or otherwise increase the
potential for an attack on, a public agency’s IT system.
Additionally, section 6270.5 does not automatically require
disclosure of the specific records that the IT systems collect,
store, exchange or analyze; however, the Act’s other provisions
pertaining to disclosure of such records still apply.
Regional San’s Catalog of Enterprise Systems
Catalog of Enterprise Systems