Explore The NRA Universe Of Websites

APPEARS IN News

Going, Going… Gone? Privacy and Gun Owner Data Security in California

Monday, February 10, 2025

Going, Going… Gone? Privacy and Gun Owner Data Security in California

Where does privacy go to die? For gun owners and concealed carry applicants and permit holders in the Golden State, the answer must surely be California.

Under California law, applicants and holders of concealed carry licenses are required to provide sensitive personal information to the state: besides name, address, place of birth, and phone number, individuals must disclose their occupation, driver’s license or state ID number, and physical descriptors (race, sex, height, weight, hair color, eye color). Mandatory reporting is also required for every person who lawfully purchases a firearm or ammunition: what was purchased, when and where it was bought, and more. The information so collected is maintained in California Department of Justice (DOJ) databases.

In 2021, California Governor Gavin Newsom (D) signed a bill into law that authorizes the DOJ to turn over the information in these databases to third parties – the “California Firearm Violence Research Center” at the University of California Davis, and “any other nonprofit bona fide research institution accredited by the United States Department of Education or the Council for Higher Education Accreditation.” The law directs that “[m]aterial identifying individuals shall only be provided for research or statistical activities and shall not be … used for purposes other than research or statistical activities,” but includes no penalties for misuse or any enforcement mechanism for this provision.

On behalf of anonymous plaintiffs, the NRA filed a lawsuit against the state in federal court, alleging that handing over sensitive, identifying personal information to organizations that have no duty to safeguard it violated state and federal laws. California’s filing in response, dated February 9, 2022 and seeking to dismiss the lawsuit, asserted that the plaintiffs “worry that their records will become public, increasing the risk that they will be harassed and targeted for crime. Those concerns are entirely speculative. Ironically, researchers could probably use the very information Plaintiffs want suppressed to test their theory.” Even assuming the concern over public disclosure was reasonable, “the State’s interest in addressing firearm violence through research unquestionably outweighs whatever interest of a constitutional magnitude (if there even is one) that Plaintiffs have in keeping their information private.”

Shortly after that flippant dismissal of security concerns as baseless and “speculative,” the DOJ’s own newly-unveiled “2022 Firearms Dashboard Portal” exposed the personal information (name, address, age, Criminal Identification Index (CII) number and license type) of every concealed carry permit (CCW) holder in California. A statement by the Fresno County Sheriff’s Office advised that the DOJ had shuttered the site upon learning of the data breach, but “portions of private information may have been posted on social media websites. It is unknown exactly how much time the information was accessible.” The State Attorney General’s Office was expected to “institute a program to reduce any harm or damages to CCW holders that resulted from the breach.”

A statement issued by the DOJ on the breach confirmed that it was much more damaging. It included the data for individuals who had been granted or denied a permit between 2011 and 2021 (names, date of birth, gender, race, driver’s license number, addresses, and criminal history) and potentially extended to the “following dashboards: Assault Weapon Registry, Dealer Record of Sale, Firearm Certification System, and Gun Violence Restraining Order dashboards.” Attorney General Rob Bonta, the defendant in the NRA case, was quoted in the statement as saying, “The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”

If that wasn’t enough to put paid to the California government’s assertions that fears of unauthorized access and misuse are unfounded and overblown, it now appears that another repository of secured, sensitive information maintained by the State has been inappropriately accessed and used by law enforcement, in direct violation of the applicable rules. According to the Electronic Frontier Foundation (EFF), a nonprofit group defending privacy rights and other civil liberties in the digital world, the “Los Angeles County Sheriff’s Department (LACSD) committed wholesale abuse of sensitive criminal justice databases in 2023, violating a specific rule against searching the data to run background checks for concealed carry firearm permits.”

The database at issue is the California Law Enforcement Telecommunications System (CLETS), which the EEF describes as containing “a lot of sensitive information” across a variety of databases, including records from the Department of Motor Vehicles, the National Law Enforcement Telecommunications System, Criminal Justice Information Services, and the National Crime Information Center.

According to a 2019 DOJ manual on CLETS, the controls against unauthorized use include a requirement that “[a]ll persons having access to information from the CLETS … undergo a background security clearance to determine their suitability for logical or physical access to the CLETS. This includes, at minimum, the required state and federal fingerprint-based criminal offender record information search,” and sign a user agreement statement. “Access is restricted to “authorized law enforcement, criminal justice personnel or their lawfully authorized designees;” the information from CLETS is “confidential and for official use only;” and CLETS cannot be used for “licensing, certification or employment purposes.” Further, “[s]ecurity and awareness training shall be required for all personnel who have direct or indirect access to CLETS systems,” and the training “must include the requirement that CLETS information shall only be obtained in the course of official business.”

Due to the nature of the database information, law enforcement agencies with access to CLETS must inform the DOJ of any investigations and discipline related to misuse of the system. “Misuse” specifically includes “[q]uerying the Automated Criminal History System for licensing, employment or certification purposes (e.g., Carry Concealed Weapon permits),” and “[q]uerying yourself, family members, romantic partners, business associates, friends, neighbors” and the like.  

The EFF periodically files freedom of information requests for the reports on misuse. The information on mandatory reporting for 2024 is due imminently, but the 2023 information reveals a “record 7,275 violations across California,” with the bulk of those being the LACSD’s 6,789 abuses. Singling out this misuse of CLETS for concealed carry permit research as one of the “highest profile” instances in 2023, the EFF notes that the “LACSD retrained all staff and implemented new processes. However, state Justice Department officials acknowledged that this problem was not unique, and they had documented other agencies abusing the data in the same way.” (Emphasis added.) 

The sanctions imposed for 2023 violations included 24 officers being suspended, six officers resigning, and nine being fired. Interestingly, the 2023 suspensions represent nearly half of all of the suspensions (55) that resulted for misuse over a four-year period (2019 to 2023).

The critical fact underlying CLETS misuse is that it only came to light because of a mandatory reporting requirement. Unlike the CLETS system, which controls access continuously through a background security clearance, training, and other restrictions, it is not at all clear whether anything remotely approaching these (obviously not foolproof) access and misuse safeguards apply to UC Davis and whatever other entity receives the DOJ information. As the EFF findings demonstrate, even the many rules against misuse of CLETS were of limited effectiveness and failed to prevent a “wholesale abuse of sensitive criminal justice databases” in 2023. In the case of the DOJ database information that’s available to public researchers, how would anyone know there’s been unauthorized use, a data breach, or inappropriate disclosure?

As the EFF accurately observes, “CLETS is only one of many massive databases available to law enforcement, but it is one of the very few with a mandatory reporting requirement for abuse; violations of other systems likely never go reported to a state oversight body or at all. The sheer amount of misuse should serve as a warning that other systems police use, such as automated license plate reader and face recognition databases, are likely also being abused at a high rate – or even higher, since they are not subject to the same scrutiny as CLETS.”

Despite the assurances of California officials on the importance of “protecting” residents and their data, the reality is that government data leaks and actual misuse are far from isolated occurrences. And, given the magnitude of recent misuse and breaches, any privacy California’s legitimate firearm owners have managed to hang onto by now will continue to take a backseat to whatever gun control agenda the Golden State is pushing.

TRENDING NOW
Trump Administration Revives Federal Firearm Rights Restoration Provision

News  

Friday, March 21, 2025

Trump Administration Revives Federal Firearm Rights Restoration Provision

On March 20, the U.S. Department of Justice (DOJ) published an interim final rule entitled, Withdrawing the Attorney General’s Delegation of Authority. That bland title belies the historic nature of the measure, which is aimed at reviving ...

Colorado: "Polis Permission Slip" Signed Into Law in a Secret Ceremony

Thursday, April 10, 2025

Colorado: "Polis Permission Slip" Signed Into Law in a Secret Ceremony

Ignoring months of advocacy and correspondence from tens of thousands of Coloradans, Governor Jared Polis has signed Senate Bill 25-003 into law.

Rep. Hinson and Sen. Cotton Reintroduce Bill to Repeal Firearm Transfer Tax

News  

Thursday, April 3, 2025

Rep. Hinson and Sen. Cotton Reintroduce Bill to Repeal Firearm Transfer Tax

On April 1, 2025, Representative Ashley Hinson (R-IA-02) and Senator Tom Cotton (R-AR) reintroduced the Repealing Illegal Freedom and Liberty Excises Act, or the RIFLE Act. These bills (H.R. 2552 and S.1224 respectively) would remove a $200 excise tax that is imposed ...

No Fooling: Trump Administration Pares Back Anti-Gun CDC Center

News  

Monday, April 7, 2025

No Fooling: Trump Administration Pares Back Anti-Gun CDC Center

On April 1, the Trump administration announced wide-ranging reforms to the embattled U.S. public health bureaucracy. According to an article from Politico, part of the reform effort is a “reduction in force that aims to cut 10,000” ...

Colorado: FOID Bill On Governor Polis' Desk, More Gun Control On the Move

Wednesday, April 2, 2025

Colorado: FOID Bill On Governor Polis' Desk, More Gun Control On the Move

As the clock runs down on Governor Polis' 10-day window to veto Senate Bill 25-003, the semi-auto ban turned FOID-scheme bill, he continues to sit on his hands and let the bill gather dust on his ...

North Carolina: Pro-Gun Bill on the Move in the House

Wednesday, April 9, 2025

North Carolina: Pro-Gun Bill on the Move in the House

Last week, House Bill 193 reportedly favorably out of the House Judiciary 2 committee and was referred to the House Committee on Education-K-12 for further consideration.

Cory Booker Goes from “I am Spartacus” to “I am Hypocrite”

News  

Monday, April 7, 2025

Cory Booker Goes from “I am Spartacus” to “I am Hypocrite”

Last week, U.S. Senator Cory Booker (D-N.J.) took to the Senate floor so that he could complain about President Trump and Elon Musk.  He went on for over 24 hours.  One can speculate as to ...

Maine: Massive NRA Grassroots Mobilization Makes Lawmakers Take Notice

Thursday, April 10, 2025

Maine: Massive NRA Grassroots Mobilization Makes Lawmakers Take Notice

NRA members are more active in the political process than ever, and Maine politicians are taking notice. At recent Public Hearings on a slew of anti-gun bills, lawmakers on both sides of the political spectrum ...

Washington Post Admits that Anti-gun Lawfare “Cannot be the Solution” to Crime

News  

Monday, March 17, 2025

Washington Post Admits that Anti-gun Lawfare “Cannot be the Solution” to Crime

In a turnabout worthy of Invasion of the Body Snatchers, The Washington Post (WAPO) published an editorial last Tuesday criticizing the gun control movement for ignoring the Protection of Lawful Commerce in Arms Act (PLCAA) and pursuing its agenda in ...

Zeroed Out: Trump Administration Formally Ends Biden-Era War on Gun Dealers

News  

Second Amendment  

Tuesday, April 8, 2025

Zeroed Out: Trump Administration Formally Ends Biden-Era War on Gun Dealers

On April 7, the Trump Administration formally revoked the Biden-Harris Administration’s “zero tolerance” policy for inspections of federal firearm licensees (FFLs). The edict ended a bureaucratic reign of terror that was costing small business people their livelihoods over harmless ...

MORE TRENDING +
LESS TRENDING -

More Like This From Around The NRA

NRA ILA

Established in 1975, the Institute for Legislative Action (ILA) is the "lobbying" arm of the National Rifle Association of America. ILA is responsible for preserving the right of all law-abiding individuals in the legislative, political, and legal arenas, to purchase, possess and use firearms for legitimate purposes as guaranteed by the Second Amendment to the U.S. Constitution.