California Leaks Personal Data of Carry Permit Holders
On Monday June 27, California Attorney General Rob Bonta announced the launch of the California Department of Justice (DOJ)’s Firearms Dashboard Portal. The data tool was designed to give granular firearm transaction and Concealed Carry Weapons (CCW) permit holder data to anyone visiting the DOJ’s website. However, astute users quickly realized that the dashboard could be used to access the personally identifying information of California CCW holders - including date of birth, full name, and address.
Initial reports of the leak appeared on social media and on firearm enthusiast internet forums. According to several social media users, individuals were able to download all of the leaked personal information from the DOJ website – meaning this information is likely now in the public in perpetuity.
As of Tuesday afternoon, the California DOJ had removed the Firearms Dashboard Portal from its website.
However, on Tuesday an attorney for a firm that works with the NRA California state affiliate, California Rifle & Pistol Association, made clear that he had been provided with video evidence of the breach.
Likewise, firearm news outlet The Reload reported Tuesday that “[a] video reviewed by The Reload shows the databases with detailed information were initially available for download via a button on the website’s mapping feature.” Explaining some of the extent of the breach, The Reload item explained,
The Reload reviewed a copy of the Lost Angeles County database and found 244 judge permits listed in the database. The files included the home addresses, full names, and dates of birth for all of them. The same was true for seven custodial officers, 63 people with a place of employment permit, and 420 reserve officers.
2,891 people in Los Angeles County with standard licenses also had their information compromised by the leak, though the database appears to include some duplicate entries as well.
NRA was independently contacted by a concerned California resident who provided the organization with an image containing some of the leaked information, including gun owners’ full names and dates of birth.
This breach of gun owner data comes as NRA is in litigation with California over gun owner privacy.
In September 2021, California enacted AB 173. This law allows for the disclosure of highly sensitive information, including a gun owner’s name, address, place of birth, phone number, occupation, driver’s license or ID number, race, sex, height, weight, hair color, eye color, and even their social security number and types of firearms that they own to universities and any “bona fide research institute.” In January, NRA filed suit in Doe v. Bonta to stop this attack on gun owner privacy.
During an April 5 hearing in the Doe v. Bonta case, the California DOJ acknowledged that there are civil remedies for the leak of the sensitive gun owner data at issue in the case, and even the potential for criminal prosecution. The representative for the DOJ stated,
We acknowledge that the information is confidential. AB 173, I think, is quite clear that the information can’t be shared publicly. It’s our position that, if there is a disclosure, that those whose information is disclosed would have various remedies including – there might be criminal implications for someone who disclosed the information knowingly. There is civil remedies under various state laws. And so the information is confidential…
The court then asked about the DOJ’s understanding regarding the standard of proof necessary for obtaining a civil remedy for a state agency’s breach of confidential information. Both the court and the DOJ appeared to acknowledge that mere negligence in disclosing confidential information would give rise to a civil remedy.
NRA is monitoring the unfolding situation in California and will keep gun owners apprised of any further developments.
© 2022 National Rifle Association of America, Institute for Legislative Action. This may be reproduced. This may not be reproduced for commercial purposes.