Bill Text

PDF |Add To My Favorites |Track Bill | print page

AB-22 Secretary of State: storing and recording electronic media.(2017-2018)

SHARE THIS:share this bill in Facebookshare this bill in Twitter
Date Published: 10/16/2017 02:00 PM
AB22:v92#DOCUMENT

Assembly Bill No. 22
CHAPTER 834

An act to amend Section 12168.7 of the Government Code, relating to state government.

[ Approved by Governor  October 15, 2017. Filed with Secretary of State  October 15, 2017. ]

LEGISLATIVE COUNSEL'S DIGEST


AB 22, Bonta. Secretary of State: storing and recording electronic media.
Existing law requires the Secretary of State to approve and adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media, as specified, and requires those standards to include a requirement that a trusted system, as defined, be utilized.
This bill would specify that a trusted system, for these purposes, includes “cloud computing,” as defined, that meets specified requirements.
Existing law provides that the Department of Technology is responsible for establishing and enforcing information technology plans, policies, and standards and in furtherance thereof, publishing the Statewide Information Management Manual, and for information technology provisions of the State Administrative Manual.
This bill would provide that the standards in these manuals apply to a trusted system.
Existing law requires the Secretary of State to adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management.
This bill would delete this reference to the Association for Information and Image Management.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NO   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 12168.7 of the Government Code is amended to read:

12168.7.
 (a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent documents in electronic media.
(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute.
(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, “trusted system” means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.
(d) A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standard relating to security techniques and information security management, and provides administrative users with controls to prevent stored records from being overwritten, deleted, or altered shall be considered a trusted system.
(e) A trusted system shall comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities.
(f) For purposes of this section “cloud computing” is defined by the National Institute of Standards and Technology Special Publication 800-145 or a successor publication, and includes the service and deployment models referenced therein.
(g) State officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute for recording of permanent records.
(h) Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).