27390-27399
GOVERNMENT CODE
SECTION 27390-27399
27390. (a) This article shall be known and may be cited as the Electronic Recording Delivery Act of 2004. (b) For the purposes of this article, the following definitions shall apply: (1) "Authorized submitter" means a party that has entered into a contract with a county recorder pursuant to subdivision (b) of Section 27391 and is not disqualified pursuant to Section 27395. (2) "Computer security auditor" means computer security personnel hired to perform an independent audit of the electronic recording delivery system. The computer security auditor shall be independent of the county recorder and the authorized submitter and shall not be the same contractor hired to establish or participate in a county's electronic recording delivery system or in the authorized submitter's portion of that system. (3) "Digital electronic record" means a record containing information that is created, generated, sent, communicated, received, or stored by electronic means, but not created in original paper form. (4) "Digitized electronic record" means a scanned image of the original paper document. (5) "Electronic recording delivery system" means a system to deliver for recording, and to return to the party requesting recording, digitized or digital electronic records. (6) "Security testing" means an independent security audit by a computer security auditor, including, but not limited to, attempts to penetrate an electronic recording delivery system for the purpose of testing the security of that system. (7) "Source code" means a program or set of programs, readable and maintainable by humans, translated or interpreted into a form that the electronic recording delivery system can execute. (8) "System certification" means the issuance of a confirmation letter regarding a county's electronic recording delivery system by the Attorney General. 27391. (a) Upon approval by resolution of the board of supervisors and system certification by the Attorney General, a county recorder may establish an electronic recording delivery system. (b) Upon system certification, a county recorder may enter into a contract with a title insurer, as defined in Section 12340.4 of the Insurance Code, underwritten title company, as defined in Section 12340.5 of the Insurance Code, institutional lender, as defined in paragraph (1), (2), or (4) of subdivision (j) of Section 50003 of the Financial Code, or an entity of local, state, or federal government for the delivery for recording, and return to the party requesting recording, of a digitized electronic record that is an instrument affecting a right, title, or interest in real property. The contract may provide for the delivery of documents by an agent. However, the agent shall not be a vendor of electronic recording delivery systems. (c) A county recorder may refuse to enter into a contract with any party or may terminate or suspend access to a system for any good faith reason, including, but not limited to, a determination by the county recorder that termination or suspension is necessary to protect the public interest, to protect the integrity of public records, or to protect homeowners from financial harm, or if the volume or quality of instruments submitted by the requester is not sufficient to warrant electronic recordation. A county recorder may also terminate or suspend access to a system if a party commits a substantive breach of the contract, the requirements of this article, or the regulations adopted pursuant to this article. (d) Notwithstanding Section 27321, a county recorder may require a party electronically submitting records to mail a copy of the recorded electronic document to the address specified in the instructions for mailing upon completion of recording. (e) When a signature is required to be accompanied by a notary's seal or stamp, that requirement is satisfied if the electronic signature of the notary contains all of the following: (1) The name of the notary. (2) The words "Notary Public." (3) The name of the county where the bond and oath of office of the notary are filed. (4) The sequential identification number assigned to the notary, if any. (5) The sequential identification number assigned to the manufacturer or vendor of the notary's physical or electronic seal, if any. 27392. (a) No electronic recording delivery system may become operational without system certification by the Attorney General. The certification shall affirm that the proposed county system conforms to this article and any regulations adopted pursuant to this article, that security testing has confirmed that the system is secure and that the proposed operating procedures are sufficient to assure the continuing security and lawful operation of that system. The certification may include any agreements between the county recorder and the Attorney General as to the operation of the system, including, but not limited to, the nature and frequency of computer security audits. Certification may be withdrawn for good cause. (b) The Attorney General shall approve software and other services for electronic recording delivery systems pursuant to regulations adopted as described in paragraph (7) of subdivision (b) of Section 27393. 27393. (a) The Attorney General shall, in consultation with interested parties, adopt regulations for the review, approval, and oversight of electronic recording delivery systems. Regulations shall be adopted pursuant to the Administrative Procedure Act (Chapter 3.5 (commencing with Section 11340) of Part 1 of Division 3). The regulations shall comply with Section 12168.7. (b) The regulations adopted pursuant to subdivision (a) may include, but need not be limited to, all of the following: (1) Establishment of baseline technological and procedural specifications for electronic recording delivery systems. (2) Requirements for security, capacity, reliability, and uniformity. (3) Requirements as to the nature and frequency of computer security audits. (4) A statement of a detailed and uniform definition of the term "source code" consistent with paragraph (7) of subdivision (b) of Section 27390, and as used in this article, and applicable to each county's electronic recording delivery system. (5) Requirements for placement of a copy of the operating system, source code, compilers, and all related software associated with each county's electronic recording delivery system in an approved escrow facility prior to that system's first use. (6) Requirements to ensure that substantive modifications to an operating system, compilers, related software, or source code are approved by the Attorney General. (7) Procedures for initial certification of vendors offering software and other services to counties for electronic recording delivery systems. (8) Requirements for system certification and for oversight of approved systems. (9) Requirements for fingerprinting and criminal records checks required by Section 27395, including a list of employment positions or classifications subject to criminal records checks under subdivision (f) of that section. (10) Requirements for uniform index information that shall be included in every digitized or digital electronic record. (11) Requirements for protecting proprietary information accessed pursuant to subdivision (e) of Section 27394 from public disclosure. (12) Requirements for certification under Section 27397.5. (c) The Attorney General may promulgate any other regulations necessary to fulfill his or her obligations under this article. (d) An electronic recording delivery system shall be subject to local inspection and review by the Attorney General. The Attorney General shall furnish a statement of any relevant findings associated with a local inspection of an electronic recording delivery system, to the county recorder and the district attorney of the affected county, and to all technology vendors associated with that system. 27394. (a) To be eligible to establish an electronic recording delivery system, a county recorder shall contract with, and obtain a report from, a computer security auditor selected from a list of computer security auditors approved by the Attorney General. (b) The Attorney General shall approve computer security auditors on the basis of significant experience in the evaluation and analysis of Internet security design, the conduct of security testing procedures, and specific experience performing Internet penetration studies. The Attorney General shall complete the approval of security auditors within 90 days of a request from a county recorder. The list shall be a public record. (c) An electronic recording delivery system shall be audited, at least once during the first year of operation and periodically thereafter, as set forth in regulation and in the system certification, by a computer security auditor. The computer security auditor shall conduct security testing of the electronic recording delivery system. The reports of the computer security auditor shall include, but not be limited to, all of the following considerations: (1) Safety and security of the system, including the vulnerability of the electronic recording delivery system to fraud or penetration. (2) Results of testing of the system's protections against fraud or intrusion, including security testing and penetration studies. (3) Recommendations for any additional precautions needed to ensure that the system is secure. (d) Upon completion, the reports and any response to any recommendations shall be transmitted to the board of supervisors, the county recorder, the county district attorney, and the Attorney General. These reports shall be exempt from disclosure under the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1). (e) A computer security auditor shall have access to any aspect of an electronic recording delivery system, in any form requested. Computer security auditor access shall include, but not be limited to, permission for a thorough examination of source code and the associated approved escrow facility, and necessary authorization and assistance for a penetration study of that system. (f) If the county recorder, a computer security auditor, a district attorney for a county participating in the electronic recording delivery system, or the Attorney General reasonably believes that an electronic recording delivery system is vulnerable to fraud or intrusion, the county recorder, the board of supervisors, the district attorney, and the Attorney General shall be immediately notified. The county recorder shall immediately take the necessary steps to guard against any compromise of the electronic recording delivery system, including, if necessary, the suspension of an authorized submitter or of the electronic recording delivery system. 27395. (a) No person shall be a computer security auditor or be granted secure access to an electronic recording delivery system if he or she has been convicted of a felony, has been convicted of a misdemeanor related to theft, fraud, or a crime of moral turpitude, or if he or she has pending criminal charges for any of these crimes. A plea of guilty or no contest, a verdict resulting in conviction, or the forfeiture of bail, shall be a conviction within the meaning of this section, irrespective of a subsequent order under Section 1203.4 of the Penal Code. (b) All persons entrusted with secure access to an electronic recording delivery system shall submit fingerprints to the Attorney General for a criminal records check according to regulations adopted pursuant to Section 27393. (c) (1) The Attorney General shall submit to the Department of Justice the fingerprint images and related information of persons with secure access to the electronic recording delivery system and computer security auditors for the purpose of obtaining information as to the existence and nature of a record of state or federal convictions and arrests for which the Department of Justice establishes that the applicant was released on bail or on his or her own recognizance pending trial. (2) The Department of Justice shall respond to the Attorney General for criminal offender record information requests submitted pursuant to this section, with information as delineated in subdivision (l) of Section 11105 of the Penal Code. (3) The Department of Justice shall forward requests from the Attorney General to the Federal Bureau of Investigation for federal summary criminal history information pursuant to this section. (4) The Attorney General shall review and compile the information from the Department of Justice and the Federal Bureau of Investigation to determine whether a person is eligible to access an electronic recording delivery system pursuant to this article. (5) The Attorney General shall request subsequent arrest notification service, pursuant to Section 11105.2 of the Penal Code, for all persons with secure access to the electronic recording delivery system and all computer security auditors. (d) The Attorney General shall deliver written notification of an individual's ineligibility for access to an electronic recording delivery system to the individual, his or her known employer, the computer security auditor, and the county recorder. (e) The Department of Justice shall charge a fee sufficient to cover the cost of processing a state or federal criminal offender record information request and any other costs incurred pursuant to this section. (f) The Attorney General shall define "secure access" by regulation and by agreement with the county recorder in the system certification. 27396. (a) The Attorney General shall monitor the security of electronic recording delivery systems statewide, in close cooperation with county recorders and public prosecutors. In the event of an emergency involving multiple fraudulent transactions linked to one county's use of an electronic recording delivery system, the Attorney General may order the suspension of electronic recording delivery systems in any county or in multiple counties, if necessary to protect the security of the system, for a period of up to seven court days. The Attorney General may seek an order from the superior court if it is necessary to extend this order. (b) (1) The Attorney General, a district attorney, or a city prosecutor may bring an action in the name of the people of the state seeking declaratory or injunctive relief, restitution for damages or economic loss, rescission, or other equitable relief pertaining to any alleged violation of this article or regulations adopted pursuant to this article. Injunctive relief may include, but is not limited to, an order suspending a party from participation in the electronic recording delivery system, on a temporary or permanent basis. (2) Nothing in this subdivision shall be construed to prevent the Attorney General, a district attorney, or a city prosecutor from seeking legal or equitable relief under any other provision of law. 27397. (a) A county establishing an electronic recording delivery system under this article shall pay for the direct cost of regulation and oversight by the Attorney General. (b) The Attorney General may charge a fee directly to a vendor seeking approval of software and other services as part of an electronic recording delivery system. The fee shall not exceed the reasonable costs of approving software or other services for vendors. (c) In order to pay costs under this section, a county may do any of the following: (1) Impose a fee in an amount up to and including one dollar ($1) for each instrument that is recorded by the county. This fee may, at the county's discretion, be limited to instruments that are recorded pursuant to the electronic recording delivery system. (2) Impose a fee upon any vendor seeking approval of software and other services as part of an electronic recording delivery system. (3) Impose a fee upon any person seeking to contract as an authorized submitter. (d) The total fees assessed by a county recorder pursuant to this section may not exceed the reasonable total costs of the electronic recording delivery system, the review and approval of vendors and potential authorized submitters, security testing as required by this article and the regulations of the Attorney General, and reimbursement to the Attorney General for regulation and oversight of the electronic recording delivery system. (e) Fees paid to the Attorney General pursuant to subdivisions (a) and (b) shall be deposited in the Electronic Recording Authorization Account, which is hereby created in the Special Deposit Fund, and, notwithstanding Section 13340, is continuously appropriated, without regard to fiscal years, to the Attorney General for the costs described in those subdivisions. 27397.5. (a) A county recorder may include in the county's electronic recording delivery system a secure method for accepting for recording a digital or digitized electronic record that is an instrument of reconveyance, substitution of trustee, or assignment of deed of trust. (b) A county recorder may contract with a title insurer, as defined in Section 12340.4 of the Insurance Code, underwritten title company, as defined in Section 12340.5 of the Insurance Code, an entity of state, local, or federal government, or an institutional lender, as defined in Section 50003 of the Financial Code, or their authorized agents, to be an authorized submitter of the documents specified in subdivision (a). (c) With respect to the electronic submission of the records described in subdivision (a), the requirements that an authorized submitter be subject to a security audit under Section 27394 and a criminal records check under Section 27395 shall not apply where the certification requirements of subdivision (d) have been met. (d) (1) In order for subdivision (c) to apply, the county recorder and the Attorney General shall certify that the method of submission allowed under the system will not permit an authorized submitter or its employees and agents, or any third party, to modify, manipulate, insert, or delete information in the public record, maintained by the county recorder, or information in electronic records submitted pursuant to subdivision (b) of Section 27391. (2) Certification under this section may be withdrawn by either the county recorder or the Attorney General at any time either determines that the requirements of this subdivision are not met. (e) For purposes of this section, an agent of an authorized submitter shall not include a vendor of electronic recording delivery systems. 27398. (a) The Attorney General shall conduct an evaluation of electronic recording delivery systems authorized by this article, and report to both houses of the Legislature on or before June 30, 2009. (b) It is the intent of the Legislature that the evaluation include an analysis of costs, cost savings, security and real estate fraud prevention, and recommendations as to improvements and possible expansion of the provisions of this article. (c) The evaluation shall also include a study of the feasibility of expanding the provisions of this article to cover the delivery, recording, and return of other electronic records. 27399. (a) Nothing in this article shall be construed to authorize any state agency to administer any of the processes or procedures relating to the business of the county recorders of the state in any manner not otherwise specifically set forth in this article. (b) The authority granted in this article is in addition to any other authority or obligation under state or federal law. (c) Nothing in this article shall be construed to repeal or affect Section 27279, 27279.1, 27279.2, 27297.6, 27387.1, or 27399.7, or the authority of the Counties of Orange and San Bernardino to act under those provisions.