Approved on October 11, 2015, SB 272 adds a section to the California Public Records Act requiring local agencies to create a catalog of Enterprise Systems by July 1, 2016 with annual updates
A software application or computer system that collects, stores, exchanges and analyzes information that the agency uses that is both of the following:
- A multi-departmental system or a system that contains information collected about the public.
- A system that services as an original source of data within an agency.
An Enterprise System does not include any of the following:
- Information Technology security systems, including firewalls and other cybersecurity systems.
- Physical access control systems, employee identification management systems, video monitoring, and other physical control systems.
- Infrastructure and mechanical control systems, including those that control or manage street lights, electrical, natural gas or water or sewer functions.
- Systems relate to 911 dispatch and operation or emergency services.
- Systems that would be restricted from disclosure pursuant to Section 6254.19.
- The specific records that the information technology system collects, stores, exchanges, or analyzes.
The catalog shall be made publicly available upon request. The catalog shall be posted in a prominent location on the local agency’s Internet Web site. The catalog shall disclose a list of the enterprise systems utilized by the agency and, for each system, shall also disclose all of the following:
- Current system vendor.
- Current system product.
- A brief statement of the system’s purpose.
- A general description of categories or types of data.
- The department that serves as the system’s primary custodian.
- How frequently system data is collected.
- How frequently system data is updated.