California Public Records Act: cyberattacks.
AB 370 exempts cybersecurity vulnerability and attack information from California public records disclosure to prevent future exploitation while maintaining government transparency safeguards.
AB 370 exempts cybersecurity vulnerability and attack information from California public records disclosure to prevent future exploitation while maintaining government transparency safeguards.
AB 370 amends California's Public Records Act to establish exemptions for records related to cyberattacks on public agencies. The bill allows government entities to withhold specific information about cybersecurity vulnerabilities, attack methods, and response strategies from public disclosure to protect critical infrastructure and prevent future attacks.
As cyberattacks on government systems increase in frequency and sophistication, agencies face tension between transparency obligations and security needs. This law recognizes that disclosing certain cybersecurity details could enable malicious actors to exploit vulnerabilities, while balancing the public's right to know about threats to their government's operations and data.
Compiled from official sources — confirm details with the bill’s official record.
Sign in to ask a question.