KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to California

AB-370 • 2026

California Public Records Act: cyberattacks.

California Public Records Act: cyberattacks.

Education
Enacted

This bill passed the Legislature and reached final enactment based on the latest official action.

Sponsor
Carrillo
Last action
2025-07-14
Official status
Chaptered by Secretary of State - Chapter 34, Statutes of 2025.
Effective date
Not listed

Plain English Breakdown

The official source does not provide specific details on the duration of time extensions during a cyberattack or the impact on all types of emergencies.

California Public Records Act: Cyberattack Provisions

AB-370 modifies the California Public Records Act to allow agencies more time to respond to record requests during a cyberattack and clarifies that emergencies must directly impact an agency's ability to respond.

What This Bill Does

  • Expands the definition of 'unusual circumstances' to include when a cyberattack prevents an agency from accessing its electronic servers or systems.
  • Limits the time extension for responding to record requests due to a cyberattack until the agency can access its servers again.
  • Requires emergencies affecting agencies to directly impact their ability to respond to public records requests.

Who It Names or Affects

  • State and local agencies in California
  • People requesting copies of public records from affected agencies

Terms To Know

Unusual circumstances
Special situations that allow an agency to take more time than usual to respond to a request for public records.
State-mandated local program
A state requirement that forces local agencies to follow new rules, which may increase their duties or costs.

Limits and Unknowns

  • The bill does not specify how long an agency can take to respond during a cyberattack.
  • It is unclear if the changes will affect all types of emergencies equally.

Bill History

  1. 2025-07-14 California Legislative Information

    Chaptered by Secretary of State - Chapter 34, Statutes of 2025.

  2. 2025-07-14 California Legislative Information

    Approved by the Governor.

  3. 2025-07-11 California Legislative Information

    Enrolled and presented to the Governor at 11 a.m.

  4. 2025-07-03 California Legislative Information

    In Assembly. Ordered to Engrossing and Enrolling.

  5. 2025-07-03 California Legislative Information

    Read third time. Passed. Ordered to the Assembly. (Ayes 35. Noes 0. Page 1931.).

  6. 2025-07-01 California Legislative Information

    Read second time. Ordered to Consent Calendar.

  7. 2025-06-30 California Legislative Information

    From committee: Be ordered to second reading file pursuant to Senate Rule 28.8 and ordered to Consent Calendar.

  8. 2025-06-17 California Legislative Information

    From committee: Do pass and re-refer to Com. on APPR. with recommendation: To Consent Calendar. (Ayes 12. Noes 0.) (June 17). Re-referred to Com. on APPR.

  9. 2025-05-28 California Legislative Information

    Referred to Com. on JUD.

  10. 2025-04-24 California Legislative Information

    In Senate. Read first time. To Com. on RLS. for assignment.

  11. 2025-04-24 California Legislative Information

    Read third time. Passed. Ordered to the Senate. (Ayes 75. Noes 0. Page 1278.)

  12. 2025-04-10 California Legislative Information

    Read second time. Ordered to Consent Calendar.

  13. 2025-04-09 California Legislative Information

    From committee: Do pass. To Consent Calendar. (Ayes 14. Noes 0.) (April 9).

  14. 2025-03-13 California Legislative Information

    Re-referred to Com. on APPR.

  15. 2025-03-12 California Legislative Information

    Read second time and amended.

  16. 2025-03-11 California Legislative Information

    From committee: Amend, and do pass as amended and re-refer to Com. on APPR. with recommendation: To Consent Calendar. (Ayes 12. Noes 0.) (March 11).

  17. 2025-02-18 California Legislative Information

    Referred to Com. on JUD.

  18. 2025-02-04 California Legislative Information

    From printer. May be heard in committee March 6.

  19. 2025-02-03 California Legislative Information

    Read first time. To print.

Official Summary Text

AB 370, Carrillo.
California Public Records Act: cyberattacks.
The California Public Records Act requires state and local agencies to make their records available for public inspection, except as specified. Existing law requires each agency, within 10 days of a request for a copy of records, to determine whether the request seeks copies of disclosable public records in possession of the agency and to promptly notify the person of the determination and the reasons therefor. Existing law authorizes that time limit to be extended by no more than 14 days under unusual circumstances, and defines “unusual circumstances” to include, among other things, the need to search for, collect, and appropriately examine records during a state of emergency when the state of emergency currently affects the agency’s ability to timely respond to requests due to staffing shortages or closure of facilities, as provided.
This
bill would revise the definition of unusual circumstances as it applies to a state of emergency to require the state of emergency, in addition to currently affecting the agency’s ability to timely respond to requests as described above, to also require the state of emergency to directly affect the agency’s ability to timely respond to requests as described above. By restricting the time period in which a local agency may respond to requests, thus increasing the duties of local officials, this bill would create a state-mandated local program.
This bill would also expand the definition of unusual circumstances to include the inability of the agency, because of a cyberattack, to access its electronic servers or systems in order to search for and obtain a record that the agency believes is responsive to a request and is maintained on the servers or systems in an
electronic format. Under the bill, the extension would apply only until the agency regains its ability to access its electronic servers or systems and search for and obtain electronic records that may be responsive to a request.
The California Constitution requires local agencies, for the purpose of ensuring public access to the meetings of public bodies and the writings of public officials and agencies, to comply with a statutory enactment that amends or enacts laws relating to public records or open meetings and contains findings demonstrating that the enactment furthers the constitutional requirements relating to this purpose.
This bill would make legislative findings to
that effect.
Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.
This bill would make legislative findings to that effect.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.

Current Bill Text

Read the full stored bill text 
Download Bill PDF