Amended  IN  Assembly  April 24, 2024

CALIFORNIA LEGISLATURE— 2023–2024 REGULAR SESSION

Assembly Bill
No. 2715


Introduced by Assembly Member Boerner

February 14, 2024


An act to amend Section 54957 of the Government Code, relating to local government.


LEGISLATIVE COUNSEL'S DIGEST


AB 2715, as amended, Boerner. Ralph M. Brown Act: closed sessions.
Existing law, the Ralph M. Brown Act, generally requires that all meetings of a legislative body of a local agency be open and public and that all persons be permitted to attend and participate. Existing law authorizes a legislative body to hold a closed session with specified individuals on, among other things, matters posing a threat to the security of essential public services, as specified.
This bill would additionally authorize a legislative body to hold a closed session to consider or evaluate matters related to cybersecurity, as specified, provided that any action taken on those matters is done in open session. with other law enforcement or security personnel and to hold a closed session on a threat to critical infrastructure controls or critical infrastructure information, as defined, relating to cybersecurity.
Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.
This bill would make legislative findings to that effect.
The California Constitution requires local agencies, for the purpose of ensuring public access to the meetings of public bodies and the writings of public officials and agencies, to comply with a statutory enactment that amends or enacts laws relating to public records or open meetings and contains findings demonstrating that the enactment furthers the constitutional requirements relating to this purpose.
This bill would make legislative findings to that effect.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NO   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 54957 of the Government Code is amended to read:

54957.
 (a) (1) This chapter does not prevent the legislative body of a local agency from holding closed sessions with the Governor, Attorney General, district attorney, agency counsel, sheriff, or chief of police, or their respective deputies, or other law enforcement or security personnel, or a security consultant or a security operations manager, on matters posing a threat to the security of public buildings, a threat to the security of essential public services, including water, drinking water, wastewater treatment, natural gas service, and electric service, or a threat to the public’s right of access to public services or public facilities. facilities, or a threat to critical infrastructure controls or critical infrastructure information relating to cybersecurity.
(2) For purposes of this subdivision, the following definitions apply:
(A) “Critical infrastructure controls” means networks and systems controlling assets so vital to the local agency that the incapacity or destruction of those networks, systems, or assets would have a debilitating impact on public health, safety, economic security, or any combination thereof.
(B) “Critical infrastructure information” means information not customarily in the public domain pertaining to any of the following:
(i) Actual, potential, or threatened interference with, or an attack on, compromise of, or incapacitation of critical infrastructure controls by either physical or computer-based attack or other similar conduct, including, but not limited to, the misuse of, or unauthorized access to, all types of communications and data transmission systems, that violates federal, state, or local law or harms public health, safety, or economic security, or any combination thereof.
(ii) The ability of critical infrastructure controls to resist any interference, compromise, or incapacitation, including, but not limited to, any planned or past assessment or estimate of the vulnerability of critical infrastructure.
(iii) Any planned or past operational problem or solution regarding critical infrastructure controls, including, but not limited to, repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to interference, compromise, or incapacitation of critical infrastructure controls.

(b)This chapter does not prevent the legislative body of a local agency from holding closed sessions to consider or evaluate matters related to cybersecurity, including vulnerabilities of, or potential or ongoing threats to, an agency’s cybersecurity provided that any action taken by the legislative body on those matters is done in open session.

(c)

(b) (1) Subject to paragraph (2), this chapter does not prevent the legislative body of a local agency from holding closed sessions during a regular or special meeting to consider the appointment, employment, evaluation of performance, discipline, or dismissal of a public employee or to hear complaints or charges brought against the employee by another person or employee unless the employee requests a public session.
(2) As a condition to holding a closed session on specific complaints or charges brought against an employee by another person or employee, the employee shall be given written notice of their right to have the complaints or charges heard in an open session rather than a closed session, which notice shall be delivered to the employee personally or by mail at least 24 hours before the time for holding the session. If notice is not given, any disciplinary or other action taken by the legislative body against the employee based on the specific complaints or charges in the closed session shall be null and void.
(3) The legislative body also may exclude from the public or closed meeting, during the examination of a witness, any or all other witnesses in the matter being investigated by the legislative body.
(4) For the purposes of this subdivision, the term “employee” shall include an officer or an independent contractor who functions as an officer or an employee but shall not include any elected official, member of a legislative body or other independent contractors. This subdivision shall not limit local officials’ ability to hold closed session meetings pursuant to Sections 1461, 32106, and 32155 of the Health and Safety Code or Sections 37606 and 37624.3 of the Government Code. Closed sessions held pursuant to this subdivision shall not include discussion or action on proposed compensation except for a reduction of compensation that results from the imposition of discipline.

SEC. 2.

 The Legislature finds and declares that Section 1 of this act, which amends Section 54957 of the Government Code, imposes a limitation on the public’s right of access to the meetings of public bodies or the writings of public officials and agencies within the meaning of Section 3 of Article I of the California Constitution. Pursuant to that constitutional provision, the Legislature makes the following findings to demonstrate the interest protected by this limitation and the need for protecting that interest:
By authorizing closed sessions of legislative bodies relating to cybersecurity, this bill allows a legislative body to receive, confidentially discuss, and learn about cybersecurity risks, vulnerabilities, and threats facing the agency, thereby enabling the legislative body to make fully informed cybersecurity-related decisions in open session. The bill protects information and deliberations related to an agency’s cybersecurity in order to protect against current or future cybersecurity attacks on the agency that can damage public facilities and services.

SEC. 3.

 The Legislature finds and declares that Section 1 of this act, which amends Section 54957 of the Government Code, furthers, within the meaning of paragraph (7) of subdivision (b) of Section 3 of Article I of the California Constitution, the purposes of that constitutional section as it relates to the right of public access to the meetings of local public bodies or the writings of local public officials and local agencies. Pursuant to paragraph (7) of subdivision (b) of Section 3 of Article I of the California Constitution, the Legislature makes the following findings:
By authorizing closed sessions of legislative bodies relating to cybersecurity, this bill allows a legislative body to receive, confidentially discuss, and learn about cybersecurity risks, vulnerabilities, and threats facing the agency, thereby enabling the legislative body to make fully informed cybersecurity-related decisions in open session. The bill protects information and deliberations related to an agency’s cybersecurity in order to protect against current or future cybersecurity attacks on the agency that can damage public facilities and services.