Article 6 - Electronic Recording Delivery Act of 2004

California Government Code — §§ 27390-27399

Sections (9)

Amended by Stats. 2016, Ch. 380, Sec. 2. (AB 2143) Effective January 1, 2017.

(a)This article shall be known and may be cited as the Electronic Recording Delivery Act of 2004.

(b)For the purposes of this article, the following definitions shall apply:

(1)“Authorized submitter” means a party that has entered into a contract with a county recorder pursuant to Section 27391 and is not disqualified pursuant to Section 27395.

(2)“Computer security auditor” means computer security personnel hired to perform an independent audit of the electronic recording delivery system. The computer security auditor shall

be independent of the county recorder and the authorized submitter and shall not be the same contractor hired to establish or participate in a county’s electronic recording delivery system or in the authorized submitter’s portion of that system.

(3)“Digital electronic record” means a record containing information that is created, generated, sent, communicated, received, or stored by electronic means, but not created in original paper form.

(4)“Digitized electronic record” means a scanned image of the original paper document.

(5)“Electronic recording delivery system” means a system to deliver for recording, and to return to the party requesting recording, digitized or digital electronic records.

(6)“Security testing” means an independent security audit by a computer security auditor, including, but not limited to, attempts to penetrate an electronic recording delivery system for the purpose of testing the security of that system.

(7)“Source code” means a program or set of programs, readable and maintainable by humans, translated or interpreted into a form that the electronic recording delivery system can execute.

(8)“System certification” means the issuance of a confirmation letter regarding a county’s electronic recording delivery system by the Attorney General.

§ 27392

Added by Stats. 2004, Ch. 621, Sec. 2. Effective September 21, 2004.

(a)No electronic recording delivery system may become operational without system certification by the Attorney General. The certification shall affirm that the proposed county system conforms to this article and any regulations adopted pursuant to this article, that security testing has confirmed that the system is secure and that the proposed operating procedures are sufficient to assure the continuing security and lawful operation of that system. The certification may include any agreements between the county recorder and the Attorney

General as to the operation of the system, including, but not limited to, the nature and frequency of computer security audits. Certification may be withdrawn for good cause.

(b)The Attorney General shall approve software and other services for electronic recording delivery systems pursuant to regulations adopted as described in paragraph (7) of subdivision (b) of Section 27393.

§ 27394

Amended by Stats. 2021, Ch. 615, Sec. 190. (AB 474) Effective January 1, 2022. Operative January 1, 2023, pursuant to Sec. 463 of Stats. 2021, Ch. 615.

(a)To be eligible to establish an electronic recording delivery system, a county recorder shall contract with, and obtain a report from, a computer security auditor selected from a list of computer security auditors approved by the Attorney General.

(b)The Attorney General shall approve computer security auditors on the basis of significant experience in the evaluation and analysis of internet security design, the conduct of security testing procedures, and specific experience performing internet penetration studies. The Attorney General shall complete the approval of security auditors within 90 days of a request from a county recorder. The list

shall be a public record.

(c)An electronic recording delivery system shall be audited, at least once during the first year of operation and periodically thereafter, as set forth in regulation and in the system certification, by a computer security auditor. The computer security auditor shall conduct security testing of the electronic recording delivery system. The reports of the computer security auditor shall include, but not be limited to, all of the following considerations:

(1)Safety and security of the system, including the vulnerability of the electronic recording delivery system to fraud or penetration.

(2)Results of testing of the system’s protections against fraud or intrusion, including security testing and

penetration studies.

(3)Recommendations for any additional precautions needed to ensure that the system is secure.

(d)Upon completion, the reports and any response to any recommendations shall be transmitted to the board of supervisors, the county recorder, the county district attorney, and the Attorney General. These reports shall be exempt from disclosure under the California Public Records Act (Division 10 (commencing with Section 7920.000) of Title 1).

(e)A computer security auditor shall have access to any aspect of an electronic recording delivery system, in any form requested. Computer security auditor access shall include, but not be limited to, permission for a thorough examination of source code and the associated

approved escrow facility, and necessary authorization and assistance for a penetration study of that system.

(f)If the county recorder, a computer security auditor, a district attorney for a county participating in the electronic recording delivery system, or the Attorney General reasonably believes that an electronic recording delivery system is vulnerable to fraud or intrusion, the county recorder, the board of supervisors, the district attorney, and the Attorney General shall be immediately notified. The county recorder shall immediately take the necessary steps to guard against any compromise of the electronic recording delivery system, including, if necessary, the suspension of an authorized submitter or of the electronic recording delivery system.

§ 27395

Amended by Stats. 2005, Ch. 520, Sec. 1. Effective January 1, 2006.

(a)No person shall be a computer security auditor or be granted secure access to an electronic recording delivery system if he or she has been convicted of a felony, has been convicted of a misdemeanor related to theft, fraud, or a crime of moral turpitude, or if he or she has pending criminal charges for any of these crimes. A plea of guilty or no contest, a verdict resulting in conviction, or the forfeiture of bail, shall be a conviction within the meaning of this section, irrespective of a subsequent order under Section 1203.4 of the

Penal Code.

(b)All persons entrusted with secure access to an electronic recording delivery system shall submit fingerprints to the Attorney General for a criminal records check according to regulations adopted pursuant to Section 27393.

(c)(1) The Attorney General shall submit to the Department of Justice the fingerprint images and related information of persons with secure access to the electronic recording delivery system and computer security auditors for the purpose of obtaining information as to the existence and nature of a record of state or federal convictions and arrests for which the Department of Justice establishes that the applicant was released on bail or on his or her own recognizance pending trial.

(2)The Department of Justice shall respond to the Attorney General for

criminal offender record information requests submitted pursuant to this section, with information as delineated in subdivision (l) of Section 11105 of the Penal Code.

(3)The Department of Justice shall forward requests from the Attorney General to the Federal Bureau of Investigation for federal summary criminal history information pursuant to this section.

(4)The Attorney General shall review and compile the information from the Department of Justice and the Federal Bureau of Investigation to determine whether a person is eligible to access an electronic recording delivery system pursuant to this article.

(5)The Attorney General shall request subsequent arrest notification service, pursuant to Section 11105.2 of the Penal Code, for all persons with secure access to the electronic recording delivery system

and all computer security auditors.

(d)The Attorney General shall deliver written notification of an individual’s ineligibility for access to an electronic recording delivery system to the individual, his or her known employer, the computer security auditor, and the county recorder.

(e)The Department of Justice shall charge a fee sufficient to cover the cost of processing a state or federal criminal offender record information request and any other costs incurred pursuant to this section.

(f)The Attorney General shall define “secure access” by regulation and by agreement with the county recorder in the system certification.

§ 27396

Added by Stats. 2004, Ch. 621, Sec. 2. Effective September 21, 2004.

(a)The Attorney General shall monitor the security of electronic recording delivery systems statewide, in close cooperation with county recorders and public prosecutors. In the event of an emergency involving multiple fraudulent transactions linked to one county’s use of an electronic recording delivery system, the Attorney General may order the suspension of electronic recording delivery systems in any county or in multiple counties, if necessary to protect the security of the system, for a period of up to seven court days. The Attorney

General may seek an order from the superior court if it is necessary to extend this order.

(b)(1) The Attorney General, a district attorney, or a city prosecutor may bring an action in the name of the people of the state seeking declaratory or injunctive relief, restitution for damages or economic loss, rescission, or other equitable relief pertaining to any alleged violation of this article or regulations adopted pursuant to this article. Injunctive relief may include, but is not limited to, an order suspending a party from participation in the electronic recording delivery system, on a temporary or permanent basis.

(2)Nothing in this subdivision shall be construed to prevent the Attorney General, a district attorney, or a city prosecutor from seeking legal or equitable relief under any other provision of law.

§ 27397

Amended by Stats. 2018, Ch. 467, Sec. 14. (SB 1498) Effective January 1, 2019.

(a)A county establishing an electronic recording delivery system pursuant to this article shall pay for the direct cost of regulation and oversight by the Attorney General.

(b)The Attorney General may charge a fee directly to a vendor seeking approval of software and other services as part of an electronic recording delivery system. The fee shall not exceed the reasonable costs of approving software or other services for vendors.

(c)In order to pay costs under this section, a county may do any of the following:

(1)Impose a fee in an amount up to and

including one dollar ($1) for each instrument, paper, or notice that is recorded by the county. This fee may, at the county’s discretion, be limited to instruments, papers, or notices that are recorded pursuant to the electronic recording delivery system.

(2)Impose a fee upon any vendor seeking approval of software and other services as part of an electronic recording delivery system.

(3)Impose a fee upon any person seeking to contract as an authorized submitter.

(d)The total fees assessed by a county recorder pursuant to this section may not exceed the reasonable total costs of the electronic recording delivery system, the review and approval of vendors and potential authorized submitters, security testing as

required by this article and the regulations of the Attorney General, and reimbursement to the Attorney General for regulation and oversight of the electronic recording delivery system.

(e)Fees paid to the Attorney General pursuant to subdivisions (a) and (b) shall be deposited in the Electronic Recording Authorization Fund which is hereby created in the State Treasury, and, notwithstanding Section 13340, is continuously appropriated, without regard to fiscal years, to the Attorney General for the costs described in those subdivisions. Moneys deposited in the Electronic Recording Authorization Account prior to the effective date of the amendments to this subdivision made during the 2015 Regular Session shall be immediately transferred to the Electronic Recording Authorization Fund.

§ 27397.5

Added by Stats. 2004, Ch. 621, Sec. 2. Effective September 21, 2004.

(a)A county recorder may include in the county’s electronic recording delivery system a secure method for accepting for recording a digital or digitized electronic record that is an instrument of reconveyance, substitution of trustee, or assignment of deed of trust.

(b)A county recorder may contract with a title insurer, as defined in Section 12340.4 of the Insurance Code, underwritten title company, as defined in Section 12340.5 of the Insurance Code, an entity of state,

local, or federal government, or an institutional lender, as defined in Section 50003 of the Financial Code, or their authorized agents, to be an authorized submitter of the documents specified in subdivision (a).

(c)With respect to the electronic submission of the records described in subdivision (a), the requirements that an authorized submitter be subject to a security audit under Section 27394 and a criminal records check under Section 27395 shall not apply where the certification requirements of subdivision (d) have been met.

(d)(1) In order for subdivision (c) to apply, the county recorder and the Attorney General shall certify that the method of submission allowed under the system will not permit an authorized submitter or its employees and agents, or any third party, to modify, manipulate, insert, or delete information in the public record,

maintained by the county recorder, or information in electronic records submitted pursuant to subdivision (b) of Section 27391.

(2)Certification under this section may be withdrawn by either the county recorder or the Attorney General at any time either determines that the requirements of this subdivision are not met.

(e)For purposes of this section, an agent of an authorized submitter shall not include a vendor of electronic recording delivery systems.

§ 27398

Added by Stats. 2004, Ch. 621, Sec. 2. Effective September 21, 2004.

(a)The Attorney General shall conduct an evaluation of electronic recording delivery systems authorized by this article, and report to both houses of the Legislature on or before June 30, 2009.

(b)It is the intent of the Legislature that the evaluation include an analysis of costs, cost savings, security and real estate fraud prevention, and recommendations as to improvements and possible expansion of the provisions of this article.

(c)The evaluation shall also include a study of the feasibility of expanding the provisions of this article to cover the delivery, recording, and return of other electronic records.

§ 27399

Added by Stats. 2004, Ch. 621, Sec. 2. Effective September 21, 2004.

(a)Nothing in this article shall be construed to authorize any state agency to administer any of the processes or procedures relating to the business of the county recorders of the state in any manner not otherwise specifically set forth in this article.

(b)The authority granted in this article is in addition to any other authority or obligation under state or federal law.

(c)Nothing in this article shall be

construed to repeal or affect Section 27279, 27279.1, 27279.2, 27297.6, 27387.1, or 27399.7, or the authority of the Counties of Orange and San Bernardino to act under those provisions.