27390-27399

GOVERNMENT CODE
SECTION 27390-27399




27390.  (a) This article shall be known and may be cited as the
Electronic Recording Delivery Act of 2004.
   (b) For the purposes of this article, the following definitions
shall apply:
   (1) "Authorized submitter" means a party that has entered into a
contract with a county recorder pursuant to subdivision (b) of
Section 27391 and is not disqualified pursuant to Section 27395.
   (2) "Computer security auditor" means computer security personnel
hired to perform an independent audit of the electronic recording
delivery system. The computer security auditor shall be independent
of the county recorder and the authorized submitter and shall not be
the same contractor hired to establish or participate in a county's
electronic recording delivery system or in the authorized submitter's
portion of that system.
   (3) "Digital electronic record" means a record containing
information that is created, generated, sent, communicated, received,
or stored by electronic means, but not created in original paper
form.
   (4) "Digitized electronic record" means a scanned image of the
original paper document.
   (5) "Electronic recording delivery system" means a system to
deliver for recording, and to return to the party requesting
recording, digitized or digital electronic records.
   (6) "Security testing" means an independent security audit by a
computer security auditor, including, but not limited to, attempts to
penetrate an electronic recording delivery system for the purpose of
testing the security of that system.
   (7) "Source code" means a program or set of programs, readable and
maintainable by humans, translated or interpreted into a form that
the electronic recording delivery system can execute.
   (8) "System certification" means the issuance of a confirmation
letter regarding a county's electronic recording delivery system by
the Attorney General.



27391.  (a) Upon approval by resolution of the board of supervisors
and system certification by the Attorney General, a county recorder
may establish an electronic recording delivery system.
   (b) Upon system certification, a county recorder may enter into a
contract with a title insurer, as defined in Section 12340.4 of the
Insurance Code, underwritten title company, as defined in Section
12340.5 of the Insurance Code, institutional lender, as defined in
paragraph (1), (2), or (4) of subdivision (j) of Section 50003 of the
Financial Code, or an entity of local, state, or federal government
for the delivery for recording, and return to the party requesting
recording, of a digitized electronic record that is an instrument
affecting a right, title, or interest in real property. The contract
may provide for the delivery of documents by an agent. However, the
agent shall not be a vendor of electronic recording delivery systems.
   (c) A county recorder may refuse to enter into a contract with any
party or may terminate or suspend access to a system for any good
faith reason, including, but not limited to, a determination by the
county recorder that termination or suspension is necessary to
protect the public interest, to protect the integrity of public
records, or to protect homeowners from financial harm, or if the
volume or quality of instruments submitted by the requester is not
sufficient to warrant electronic recordation. A county recorder may
also terminate or suspend access to a system if a party commits a
substantive breach of the contract, the requirements of this article,
or the regulations adopted pursuant to this article.
   (d) Notwithstanding Section 27321, a county recorder may require a
party electronically submitting records to mail a copy of the
recorded electronic document to the address specified in the
instructions for mailing upon completion of recording.
   (e) When a signature is required to be accompanied by a notary's
seal or stamp, that requirement is satisfied if the electronic
signature of the notary contains all of the following:
   (1) The name of the notary.
   (2) The words "Notary Public."
   (3) The name of the county where the bond and oath of office of
the notary are filed.
   (4) The sequential identification number assigned to the notary,
if any.
   (5) The sequential identification number assigned to the
manufacturer or vendor of the notary's physical or electronic seal,
if any.


27392.  (a) No electronic recording delivery system may become
operational without system certification by the Attorney General. The
certification shall affirm that the proposed county system conforms
to this article and any regulations adopted pursuant to this article,
that security testing has confirmed that the system is secure and
that the proposed operating procedures are sufficient to assure the
continuing security and lawful operation of that system. The
certification may include any agreements between the county recorder
and the Attorney General as to the operation of the system,
including, but not limited to, the nature and frequency of computer
security audits. Certification may be withdrawn for good cause.
   (b) The Attorney General shall approve software and other services
for electronic recording delivery systems pursuant to regulations
adopted as described in paragraph (7) of subdivision (b) of Section
27393.


27393.  (a) The Attorney General shall, in consultation with
interested parties, adopt regulations for the review, approval, and
oversight of electronic recording delivery systems. Regulations shall
be adopted pursuant to the Administrative Procedure Act (Chapter 3.5
(commencing with Section 11340) of Part 1 of Division 3). The
regulations shall comply with Section 12168.7.
   (b) The regulations adopted pursuant to subdivision (a) may
include, but need not be limited to, all of the following:
   (1) Establishment of baseline technological and procedural
specifications for electronic recording delivery systems.
   (2) Requirements for security, capacity, reliability, and
uniformity.
   (3) Requirements as to the nature and frequency of computer
security audits.
   (4) A statement of a detailed and uniform definition of the term
"source code" consistent with paragraph (7) of subdivision (b) of
Section 27390, and as used in this article, and applicable to each
county's electronic recording delivery system.
   (5) Requirements for placement of a copy of the operating system,
source code, compilers, and all related software associated with each
county's electronic recording delivery system in an approved escrow
facility prior to that system's first use.
   (6) Requirements to ensure that substantive modifications to an
operating system, compilers, related software, or source code are
approved by the Attorney General.
   (7) Procedures for initial certification of vendors offering
software and other services to counties for electronic recording
delivery systems.
   (8) Requirements for system certification and for oversight of
approved systems.
   (9) Requirements for fingerprinting and criminal records checks
required by Section 27395, including a list of employment positions
or classifications subject to criminal records checks under
subdivision (f) of that section.
   (10) Requirements for uniform index information that shall be
included in every digitized or digital electronic record.
   (11) Requirements for protecting proprietary information accessed
pursuant to subdivision (e) of Section 27394 from public disclosure.
   (12) Requirements for certification under Section 27397.5.
   (c) The Attorney General may promulgate any other regulations
necessary to fulfill his or her obligations under this article.
   (d) An electronic recording delivery system shall be subject to
local inspection and review by the Attorney General. The Attorney
General shall furnish a statement of any relevant findings associated
with a local inspection of an electronic recording delivery system,
to the county recorder and the district attorney of the affected
county, and to all technology vendors associated with that system.



27394.  (a) To be eligible to establish an electronic recording
delivery system, a county recorder shall contract with, and obtain a
report from, a computer security auditor selected from a list of
computer security auditors approved by the Attorney General.
   (b) The Attorney General shall approve computer security auditors
on the basis of significant experience in the evaluation and analysis
of Internet security design, the conduct of security testing
procedures, and specific experience performing Internet penetration
studies. The Attorney General shall complete the approval of security
auditors within 90 days of a request from a county recorder. The
list shall be a public record.
   (c) An electronic recording delivery system shall be audited, at
least once during the first year of operation and periodically
thereafter, as set forth in regulation and in the system
certification, by a computer security auditor. The computer security
auditor shall conduct security testing of the electronic recording
delivery system. The reports of the computer security auditor shall
include, but not be limited to, all of the following considerations:
   (1) Safety and security of the system, including the vulnerability
of the electronic recording delivery system to fraud or penetration.
   (2) Results of testing of the system's protections against fraud
or intrusion, including security testing and penetration studies.
   (3) Recommendations for any additional precautions needed to
ensure that the system is secure.
   (d) Upon completion, the reports and any response to any
recommendations shall be transmitted to the board of supervisors, the
county recorder, the county district attorney, and the Attorney
General. These reports shall be exempt from disclosure under the
California Public Records Act (Chapter 3.5 (commencing with Section
6250) of Division 7 of Title 1).
   (e) A computer security auditor shall have access to any aspect of
an electronic recording delivery system, in any form requested.
Computer security auditor access shall include, but not be limited
to, permission for a thorough examination of source code and the
associated approved escrow facility, and necessary authorization and
assistance for a penetration study of that system.
   (f) If the county recorder, a computer security auditor, a
district attorney for a county participating in the electronic
recording delivery system, or the Attorney General reasonably
believes that an electronic recording delivery system is vulnerable
to fraud or intrusion, the county recorder, the board of supervisors,
the district attorney, and the Attorney General shall be immediately
notified. The county recorder shall immediately take the necessary
steps to guard against any compromise of the electronic recording
delivery system, including, if necessary, the suspension of an
authorized submitter or of the electronic recording delivery system.



27395.  (a) No person shall be a computer security auditor or be
granted secure access to an electronic recording delivery system if
he or she has been convicted of a felony, has been convicted of a
misdemeanor related to theft, fraud, or a crime of moral turpitude,
or if he or she has pending criminal charges for any of these crimes.
A plea of guilty or no contest, a verdict resulting in conviction,
or the forfeiture of bail, shall be a conviction within the meaning
of this section, irrespective of a subsequent order under Section
1203.4 of the Penal Code.
   (b) All persons entrusted with secure access to an electronic
recording delivery system shall submit fingerprints to the Attorney
General for a criminal records check according to regulations adopted
pursuant to Section 27393.
   (c) (1) The Attorney General shall submit to the Department of
Justice the fingerprint images and related information of persons
with secure access to the electronic recording delivery system and
computer security auditors for the purpose of obtaining information
as to the existence and nature of a record of state or federal
convictions and arrests for which the Department of Justice
establishes that the applicant was released on bail or on his or her
own recognizance pending trial.
   (2) The Department of Justice shall respond to the Attorney
General for criminal offender record information requests submitted
pursuant to this section, with information as delineated in
subdivision (l) of Section 11105 of the Penal Code.
   (3) The Department of Justice shall forward requests from the
Attorney General to the Federal Bureau of Investigation for federal
summary criminal history information pursuant to this section.
   (4) The Attorney General shall review and compile the information
from the Department of Justice and the Federal Bureau of
Investigation to determine whether a person is eligible to access an
electronic recording delivery system pursuant to this article.
   (5) The Attorney General shall request subsequent arrest
notification service, pursuant to Section 11105.2 of the Penal Code,
for all persons with secure access to the electronic recording
delivery system and all computer security auditors.
   (d) The Attorney General shall deliver written notification of an
individual's ineligibility for access to an electronic recording
delivery system to the individual, his or her known employer, the
computer security auditor, and the county recorder.
   (e) The Department of Justice shall charge a fee sufficient to
cover the cost of processing a state or federal criminal offender
record information request and any other costs incurred pursuant to
this section.
   (f) The Attorney General shall define "secure access" by
regulation and by agreement with the county recorder in the system
certification.



27396.  (a) The Attorney General shall monitor the security of
electronic recording delivery systems statewide, in close cooperation
with county recorders and public prosecutors. In the event of an
emergency involving multiple fraudulent transactions linked to one
county's use of an electronic recording delivery system, the Attorney
General may order the suspension of electronic recording delivery
systems in any county or in multiple counties, if necessary to
protect the security of the system, for a period of up to seven court
days. The Attorney General may seek an order from the superior court
if it is necessary to extend this order.
   (b) (1) The Attorney General, a district attorney, or a city
prosecutor may bring an action in the name of the people of the state
seeking declaratory or injunctive relief, restitution for damages or
economic loss, rescission, or other equitable relief pertaining to
any alleged violation of this article or regulations adopted pursuant
to this article. Injunctive relief may include, but is not limited
to, an order suspending a party from participation in the electronic
recording delivery system, on a temporary or permanent basis.
   (2) Nothing in this subdivision shall be construed to prevent the
Attorney General, a district attorney, or a city prosecutor from
seeking legal or equitable relief under any other provision of law.




27397.  (a) A county establishing an electronic recording delivery
system under this article shall pay for the direct cost of regulation
and oversight by the Attorney General.
   (b) The Attorney General may charge a fee directly to a vendor
seeking approval of software and other services as part of an
electronic recording delivery system. The fee shall not exceed the
reasonable costs of approving software or other services for vendors.
   (c) In order to pay costs under this section, a county may do any
of the following:
   (1) Impose a fee in an amount up to and including one dollar ($1)
for each instrument that is recorded by the county. This fee may, at
the county's discretion, be limited to instruments that are recorded
pursuant to the electronic recording delivery system.
   (2) Impose a fee upon any vendor seeking approval of software and
other services as part of an electronic recording delivery system.
   (3) Impose a fee upon any person seeking to contract as an
authorized submitter.
   (d) The total fees assessed by a county recorder pursuant to this
section may not exceed the reasonable total costs of the electronic
recording delivery system, the review and approval of vendors and
potential authorized submitters, security testing as required by this
article and the regulations of the Attorney General, and
reimbursement to the Attorney General for regulation and oversight of
the electronic recording delivery system.
   (e) Fees paid to the Attorney General pursuant to subdivisions (a)
and (b) shall be deposited in the Electronic Recording Authorization
Account, which is hereby created in the Special Deposit Fund, and,
notwithstanding Section 13340, is continuously appropriated, without
regard to fiscal years, to the Attorney General for the costs
described in those subdivisions.



27397.5.  (a) A county recorder may include in the county's
electronic recording delivery system a secure method for accepting
for recording a digital or digitized electronic record that is an
instrument of reconveyance, substitution of trustee, or assignment of
deed of trust.
   (b) A county recorder may contract with a title insurer, as
defined in Section 12340.4 of the Insurance Code, underwritten title
company, as defined in Section 12340.5 of the Insurance Code, an
entity of state, local, or federal government, or an institutional
lender, as defined in Section 50003 of the Financial Code, or their
authorized agents, to be an authorized submitter of the documents
specified in subdivision (a).
   (c) With respect to the electronic submission of the records
described in subdivision (a), the requirements that an authorized
submitter be subject to a security audit under Section 27394 and a
criminal records check under Section 27395 shall not apply where the
certification requirements of subdivision (d) have been met.
   (d) (1) In order for subdivision (c) to apply, the county recorder
and the Attorney General shall certify that the method of submission
allowed under the system will not permit an authorized submitter or
its employees and agents, or any third party, to modify, manipulate,
insert, or delete information in the public record, maintained by the
county recorder, or information in electronic records submitted
pursuant to subdivision (b) of Section 27391.
   (2) Certification under this section may be withdrawn by either
the county recorder or the Attorney General at any time either
determines that the requirements of this subdivision are not met.
   (e) For purposes of this section, an agent of an authorized
submitter shall not include a vendor of electronic recording delivery
systems.


27398.  (a) The Attorney General shall conduct an evaluation of
electronic recording delivery systems authorized by this article, and
report to both houses of the Legislature on or before June 30, 2009.
   (b) It is the intent of the Legislature that the evaluation
include an analysis of costs, cost savings, security and real estate
fraud prevention, and recommendations as to improvements and possible
expansion of the provisions of this article.
   (c) The evaluation shall also include a study of the feasibility
of expanding the provisions of this article to cover the delivery,
recording, and return of other electronic records.



27399.  (a) Nothing in this article shall be construed to authorize
any state agency to administer any of the processes or procedures
relating to the business of the county recorders of the state in any
manner not otherwise specifically set forth in this article.
   (b) The authority granted in this article is in addition to any
other authority or obligation under state or federal law.
   (c) Nothing in this article shall be construed to repeal or affect
Section 27279, 27279.1, 27279.2, 27297.6, 27387.1, or 27399.7, or
the authority of the Counties of Orange and San Bernardino to act
under those provisions.