On the heels of last week’s California Public Records Act dustup, we’ve seen another sign that local governments don’t want to be told how, or foot the bills, to keep the public informed.
The state Senate Judiciary Committee today voted 7-0 to pass AB 1149 by Assemblywoman Nora Campos, D-San Jose, which would require all local government agencies to notify their workers and constituents if their electronic data has been hacked, as the state and the private sector already are required to do.
But the bill’s opponents include the Association of California Healthcare Districts, California Association of Joint Powers Authorities, California Special Districts Association, California State Association of Counties, the League of California Cities and the Urban Counties Caucus.
“AB 1149 infringes on local governments that have already adopted their own policies related to information breaches, and we are concerned about the potential cost implications for some cities of setting up the breach notifications outlined in the bill,” Natasha Karl, the League of California Cities’ legislative representative, said via e-mail today.
In other words, they don’t want to be told how – or be forced – to do it, or to pay for it. Campos contends that without such a law, there’s a patchwork of local policies – or no local policies at all – on disclosing such information leaks.
“People have the right to know if their personal information has been stolen so they can take appropriate steps to prevent further theft,” she said. “It’s outrageous that local governments are standing in the way of this. They say it would be too costly. But this is a public duty.”
Campos said her account was once hacked when she served on the San Jose City Council, and she was grateful for the alert she received so that she could contact her bank and credit card companies to warn them of any potential identity theft.
Judiciary Committee Chairwoman Noreen Evans, D-Santa Rosa, said she understood local governments’ misgivings over potential costs, “but this just makes so much sense because local government does use this kind of information… A breach is a breach. It’s very important to have that protection.”
State Senate President Pro Tem Darrell Steinberg, D-Sacramento, and Senate Budget Committee Chairman Mark Leno, D-San Francisco, just last week were contending that few if any local governments would hesitate to foot their own bills for compliance with the California Public Records Act. Such entities would be too scared of the public’s wrath to ignore the law, they insisted as they pushed Gov. Jerry Brown’s proposal that the state stop funding the law and major sections be reduced to recommended best practices if locals don’t want to pay for them.
Amid a public outcry, the lawmakers and Gov. Jerry Brown reversed course. The state will keep reimbursing local governments for compliance with the Public Records Act at least until voters can decide next year whether to enshrine the PRA in the state constitution – and in doing so require the locals to foot the bills themselves.