Today's Law As Amended


AB-22 Secretary of State: storing and recording electronic media. (2017-2018)



SECTION 1.

 Section 12168.7 of the Government Code is amended to read:

12168.7.
 (a) The California  Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording public records in electronic media or in a cloud computing storage service. permanent documents in electronic media. 
(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State, in consultation with the Department of Technology,  State  shall approve and adopt appropriate uniform statewide  standards by using standards that are accredited by  established by  the American National Standards Institute or other applicable industry-recognized standards making body, including the International Organization for Standardization TR 15801:2017 or successor standard, for storing and recording public records in electronic media or in a cloud computing storage service. Institute. 
(c) (1)  The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, “trusted system” means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a public record  document  retrieved from or reproduced by the system could differ substantially from the public record  document  that is originally stored.
(2) For a state agency that stores and records public records pursuant to this section, the uniform statewide standards specified in subdivision (b) shall include a definition of “trusted system” that combines the various elements of trusted systems specified in this section.
(d) (1)  A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standards standard  relating to security  techniques and information security management, and that  provides administrative users with controls to prevent stored public  records from being overwritten, deleted, or altered, altered  shall be considered a trusted system.
(2) Notwithstanding paragraph (1), all public records stored or recorded in electronic media or in a cloud computing service by a state agency shall comply with a trusted system as defined in the uniform statewide standards adopted pursuant to subdivision (b).
(e) A trusted system using cloud computing storage service shall also  shall  comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities, except to local government entities that have a system interconnection or data exchange with a state agency, or that contract with a state agency, for the development, use, or maintenance of an information system, product, solution, or service. entities. 
(f) (1) A state agency, prior to establishing an information technology system interconnection or data exchange with a local government entity or otherwise partnering with a local government entity for the development, use, or maintenance of an information technology system, product, or service, shall first enter into a written agreement with that local government entity for the purpose of establishing mutually agreeable terms that protect relevant public records.
(2) The requirements of paragraph (1) shall apply prospectively, after the effective date of this subdivision, to new agreements of the types specified and to existing agreements of the types specified when they are considered for renewal.
(g) For the purposes of this section, the following definitions shall apply:
(1) (f)  “Cloud computing” has the same definition as the term  For purposes of this section “cloud computing”  is defined by the National Institute of Standards and Technology Special Publication 800-145, 800-145  or a successor publication, and includes the service and deployment models referenced therein.
(2) “Public records” includes permanent and nonpermanent documents.
(3) “State agency” has the same meaning as that term is defined in Section 11000.
(h) (g)  The Secretary of State  State officials  shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute for recording of public records or any other applicable and comparable industry standard. permanent records. 
(i) (h)  Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the Secretary of State’s uniform statewide standards for Trustworthy Electronic Document or Record Preservation, the State Administrative Manual, or State Administrative Manual and  the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).