|Submitted||Oct. 27, 2014|
MuckRock users can file, duplicate, track, and share public records requests like this one. Learn more.
To Whom It May Concern:
Pursuant to the California's Sunshine Amendment (Cal. Const. Art. I, § 3(b)), I hereby request the following records:
Any slides, memos, e-mails, or training materials issued to employees relating to the operation of electronic devices (computer, tablet, or mobile phone) issued since 2011 regarding the following topics:
1. Data Security (including the usage and configuration of Anti-Virus, Firewalls, Password reset policies, and VPNs.)
2. Whole Disk Encryption (and required configuration settings)
3. Mobile Device Management provisioning (including information on settings for tracking and restrictions placed on devices by installed device management profiles)
Additionally, I request information on Operating System and Application update requirements, such as standards in place requiring employees to update or not update devices, including emails and communications where IT departments request that employees defer updates from being applied immediately.
I also request that, if appropriate, fees be waived as I believe this request is in the public interest. The requested documents will be made available to the general public free of charge as part of the public information service at MuckRock.com, processed by a representative of the news media/press and is made in the process of news gathering and not for commercial usage.
In the event that fees cannot be waived, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.
Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 10 calendar days, as the statute requires.
Dear Mr. Guichet -
This email serves as the City of Irvine's response to your request under the California Sunshine Amendment (Cal. Const. Art. I, § 3(b) for slides, memos, e-mails, or training materials issued to employees relating to the operation of electronic devise (computer, tablet, or mobile phone) issued since 2011 relating to the following topics:
1) Data security (including the usage and configuration of anti-virus, firewalls, password reset policies and VPNs.)
2) Whole disk encryption (and required configuration settings)
3) Mobile device management (including information on settings for tracking and restrictions placed on devices by installed device management profiles)
Additionally, you are requesting information on Operating System and Application update requirements, including emails and communications where IT departments request that employees defer updates from being applied immediately.
The City of Irvine has reviewed your request for records and have determined they are exempt from disclosure under Government Code section 6254(f). To the extent the information would disclose or leave vulnerable Irvine Police Department's security procedures, this exemption would apply. Your request also seeks information regarding electronic security measures which, with disclosure, could leave our databases vulnerable to hacking. Based on Government Code 6255, these documents are also exempt from release.
If you have any questions, please contact me.
LEAD RECORDS SPECIALIST
City of Irvine l Police Department
P.O. Box 19575
Irvine, CA 92623
I appreciate your follow up.
6254(f) seems to primarily apply to specific techniques utilized during active investigations rather than departmental procedural material. I am not requesting material related to specific investigations, and therefore I believe this does not apply.
Further, it should be clear that I am not requesting any specific server access locations or passwords--I am only looking for documents related to departmental policies and training materials, and these responsive documents as requested should not constitute a vulnerability to the City of Irvine unless the standards of security are of question where password information is in cleartext in the responsive documents rather than shared as appropriate on a need to know basis though secure communication channels.
Dear Mr. Guichet,
Thank you for getting back to us with your concern/question. I have attached the City’s Information Technology Use Policy. Please let me know if this is what you are referring to in your Public Records Act request.
Kasandra Bowden l Supervisor
Records and Business Services Bureau
City of Irvine l Police Department
P. 949.724.7060 l F. 949.724.7157
Mailing: P.O. Box 19575 | Irvine , CA 92623