Explore The NRA Universe Of Websites

APPEARS IN News

Going, Going… Gone? Privacy and Gun Owner Data Security in California

Monday, February 10, 2025

Going, Going… Gone? Privacy and Gun Owner Data Security in California

Where does privacy go to die? For gun owners and concealed carry applicants and permit holders in the Golden State, the answer must surely be California.

Under California law, applicants and holders of concealed carry licenses are required to provide sensitive personal information to the state: besides name, address, place of birth, and phone number, individuals must disclose their occupation, driver’s license or state ID number, and physical descriptors (race, sex, height, weight, hair color, eye color). Mandatory reporting is also required for every person who lawfully purchases a firearm or ammunition: what was purchased, when and where it was bought, and more. The information so collected is maintained in California Department of Justice (DOJ) databases.

In 2021, California Governor Gavin Newsom (D) signed a bill into law that authorizes the DOJ to turn over the information in these databases to third parties – the “California Firearm Violence Research Center” at the University of California Davis, and “any other nonprofit bona fide research institution accredited by the United States Department of Education or the Council for Higher Education Accreditation.” The law directs that “[m]aterial identifying individuals shall only be provided for research or statistical activities and shall not be … used for purposes other than research or statistical activities,” but includes no penalties for misuse or any enforcement mechanism for this provision.

On behalf of anonymous plaintiffs, the NRA filed a lawsuit against the state in federal court, alleging that handing over sensitive, identifying personal information to organizations that have no duty to safeguard it violated state and federal laws. California’s filing in response, dated February 9, 2022 and seeking to dismiss the lawsuit, asserted that the plaintiffs “worry that their records will become public, increasing the risk that they will be harassed and targeted for crime. Those concerns are entirely speculative. Ironically, researchers could probably use the very information Plaintiffs want suppressed to test their theory.” Even assuming the concern over public disclosure was reasonable, “the State’s interest in addressing firearm violence through research unquestionably outweighs whatever interest of a constitutional magnitude (if there even is one) that Plaintiffs have in keeping their information private.”

Shortly after that flippant dismissal of security concerns as baseless and “speculative,” the DOJ’s own newly-unveiled “2022 Firearms Dashboard Portal” exposed the personal information (name, address, age, Criminal Identification Index (CII) number and license type) of every concealed carry permit (CCW) holder in California. A statement by the Fresno County Sheriff’s Office advised that the DOJ had shuttered the site upon learning of the data breach, but “portions of private information may have been posted on social media websites. It is unknown exactly how much time the information was accessible.” The State Attorney General’s Office was expected to “institute a program to reduce any harm or damages to CCW holders that resulted from the breach.”

A statement issued by the DOJ on the breach confirmed that it was much more damaging. It included the data for individuals who had been granted or denied a permit between 2011 and 2021 (names, date of birth, gender, race, driver’s license number, addresses, and criminal history) and potentially extended to the “following dashboards: Assault Weapon Registry, Dealer Record of Sale, Firearm Certification System, and Gun Violence Restraining Order dashboards.” Attorney General Rob Bonta, the defendant in the NRA case, was quoted in the statement as saying, “The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”

If that wasn’t enough to put paid to the California government’s assertions that fears of unauthorized access and misuse are unfounded and overblown, it now appears that another repository of secured, sensitive information maintained by the State has been inappropriately accessed and used by law enforcement, in direct violation of the applicable rules. According to the Electronic Frontier Foundation (EFF), a nonprofit group defending privacy rights and other civil liberties in the digital world, the “Los Angeles County Sheriff’s Department (LACSD) committed wholesale abuse of sensitive criminal justice databases in 2023, violating a specific rule against searching the data to run background checks for concealed carry firearm permits.”

The database at issue is the California Law Enforcement Telecommunications System (CLETS), which the EEF describes as containing “a lot of sensitive information” across a variety of databases, including records from the Department of Motor Vehicles, the National Law Enforcement Telecommunications System, Criminal Justice Information Services, and the National Crime Information Center.

According to a 2019 DOJ manual on CLETS, the controls against unauthorized use include a requirement that “[a]ll persons having access to information from the CLETS … undergo a background security clearance to determine their suitability for logical or physical access to the CLETS. This includes, at minimum, the required state and federal fingerprint-based criminal offender record information search,” and sign a user agreement statement. “Access is restricted to “authorized law enforcement, criminal justice personnel or their lawfully authorized designees;” the information from CLETS is “confidential and for official use only;” and CLETS cannot be used for “licensing, certification or employment purposes.” Further, “[s]ecurity and awareness training shall be required for all personnel who have direct or indirect access to CLETS systems,” and the training “must include the requirement that CLETS information shall only be obtained in the course of official business.”

Due to the nature of the database information, law enforcement agencies with access to CLETS must inform the DOJ of any investigations and discipline related to misuse of the system. “Misuse” specifically includes “[q]uerying the Automated Criminal History System for licensing, employment or certification purposes (e.g., Carry Concealed Weapon permits),” and “[q]uerying yourself, family members, romantic partners, business associates, friends, neighbors” and the like.  

The EFF periodically files freedom of information requests for the reports on misuse. The information on mandatory reporting for 2024 is due imminently, but the 2023 information reveals a “record 7,275 violations across California,” with the bulk of those being the LACSD’s 6,789 abuses. Singling out this misuse of CLETS for concealed carry permit research as one of the “highest profile” instances in 2023, the EFF notes that the “LACSD retrained all staff and implemented new processes. However, state Justice Department officials acknowledged that this problem was not unique, and they had documented other agencies abusing the data in the same way.” (Emphasis added.) 

The sanctions imposed for 2023 violations included 24 officers being suspended, six officers resigning, and nine being fired. Interestingly, the 2023 suspensions represent nearly half of all of the suspensions (55) that resulted for misuse over a four-year period (2019 to 2023).

The critical fact underlying CLETS misuse is that it only came to light because of a mandatory reporting requirement. Unlike the CLETS system, which controls access continuously through a background security clearance, training, and other restrictions, it is not at all clear whether anything remotely approaching these (obviously not foolproof) access and misuse safeguards apply to UC Davis and whatever other entity receives the DOJ information. As the EFF findings demonstrate, even the many rules against misuse of CLETS were of limited effectiveness and failed to prevent a “wholesale abuse of sensitive criminal justice databases” in 2023. In the case of the DOJ database information that’s available to public researchers, how would anyone know there’s been unauthorized use, a data breach, or inappropriate disclosure?

As the EFF accurately observes, “CLETS is only one of many massive databases available to law enforcement, but it is one of the very few with a mandatory reporting requirement for abuse; violations of other systems likely never go reported to a state oversight body or at all. The sheer amount of misuse should serve as a warning that other systems police use, such as automated license plate reader and face recognition databases, are likely also being abused at a high rate – or even higher, since they are not subject to the same scrutiny as CLETS.”

Despite the assurances of California officials on the importance of “protecting” residents and their data, the reality is that government data leaks and actual misuse are far from isolated occurrences. And, given the magnitude of recent misuse and breaches, any privacy California’s legitimate firearm owners have managed to hang onto by now will continue to take a backseat to whatever gun control agenda the Golden State is pushing.

TRENDING NOW
Trump Reinforces Support for the Second Amendment During National AM250 Address

News  

Monday, July 13, 2026

Trump Reinforces Support for the Second Amendment During National AM250 Address

It may not need to be said, but we’ll keep saying it: Donald Trump is the most pro-Second Amendment president in the NRA’s history of protecting the right to keep and bear arms.  While the nation ...

NRA Files Comments in Response to ATF’s Regulatory Reforms, Urges Participation!

News  

Monday, July 13, 2026

NRA Files Comments in Response to ATF’s Regulatory Reforms, Urges Participation!

Last week, NRA filed its first round of comments in response to ATF’s comprehensive regulatory overhaul. NRA’s latest input shows the Association’s efforts coming full circle.

Judge Rules Preliminary Injunction Against Virginia “Assault Firearm” and Magazine Bans Secured by NRA Applies Statewide

Wednesday, July 8, 2026

Judge Rules Preliminary Injunction Against Virginia “Assault Firearm” and Magazine Bans Secured by NRA Applies Statewide

In the NRA’s challenge to Virginia’s “assault firearm” and magazine bans, Santolla v. Katz, Judge Jeffrey L. Campbell of the Washington County Circuit Court issued a letter opinion yesterday making clear that the preliminary injunction ...

NRA Files Lawsuit Challenging Illinois’s Waiting Period Requirement for Firearm Purchases

Wednesday, July 8, 2026

NRA Files Lawsuit Challenging Illinois’s Waiting Period Requirement for Firearm Purchases

The National Rifle Association filed a lawsuit challenging Illinois’s 72-hour waiting period requirement for firearm purchases.

Virginia Anti-gun Lawmakers Delay “Assault Firearm” Carry and Transportation Restriction

News  

Monday, July 6, 2026

Virginia Anti-gun Lawmakers Delay “Assault Firearm” Carry and Transportation Restriction

Virginia Governor Abigail Spanberger (D) and the General Assembly’s ruling anti-gun majority have delayed the enactment of one of their most controversial pieces of legislation, a severe restriction on Virginians’ ability to move about the ...

Make America Beautiful Again Progress Report Reinforces NRA’s Sporting Priorities

News  

Monday, July 13, 2026

Make America Beautiful Again Progress Report Reinforces NRA’s Sporting Priorities

In the continuing celebratory spirit of America’s 250th anniversary, the Trump administration released the 2026 Make America Beautiful Again (MABA) Midterm Report, a progress report  prepared by the MABA Commission to provide updates on conservation-related initiatives ...

As the Court Decisions Roll In, Have Gun Controllers Finally Overplayed Their Hand?

News  

Thursday, July 2, 2026

As the Court Decisions Roll In, Have Gun Controllers Finally Overplayed Their Hand?

The final week of June brought a flurry of legal action on various gun control laws in the states.

SCOTUS Agrees to Hear Challenges to “Assault Weapon” Bans

Wednesday, July 1, 2026

SCOTUS Agrees to Hear Challenges to “Assault Weapon” Bans

Today, the United States Supreme Court granted certiorari in two cases challenging bans on “assault weapons.”

U.S. House Passes Legislation to Block Credit Card Gun Registry

News  

Tuesday, July 14, 2026

U.S. House Passes Legislation to Block Credit Card Gun Registry

On July 14, 2026, the U.S. House passed H.R. 1181, the Protecting Privacy in Purchases Act. This important legislation, sponsored by Representative Riley Moore (R-WV-02), would prohibit credit card companies from tracking the purchases of ...

NRA Files Amicus Brief Urging Sixth Circuit to Strike Down NFA Restrictions on Short-Barreled Rifles

Monday, July 13, 2026

NRA Files Amicus Brief Urging Sixth Circuit to Strike Down NFA Restrictions on Short-Barreled Rifles

Today, the National Rifle Association, joined by the Firearms Policy Coalition, Second Amendment Foundation, and American Suppressor Association, filed an amicus brief in United States v. Machamer, urging the U.S. Court of Appeals for the ...

MORE TRENDING +
LESS TRENDING -

More Like This From Around The NRA

NRA ILA

Established in 1975, the Institute for Legislative Action (ILA) is the "lobbying" arm of the National Rifle Association of America. ILA is responsible for preserving the right of all law-abiding individuals in the legislative, political, and legal arenas, to purchase, possess and use firearms for legitimate purposes as guaranteed by the Second Amendment to the U.S. Constitution.