Complying with the California Public Records Act (CRPA)

What is the California Public Information Act?

The California Public Records Act (CPRA) -- often referred to as the California Public Information Act – was enacted in 1968 to ensure government transparency and uphold the public’s right to access records related to public business. CRPA applies to state and local agencies and covers all formats of records – including digital messages, emails, texts, social media, and collaboration content.

Under CPRA (Gov. Code § 7920.000 et seq.), any writing that relates to public business and is prepared, owned, used, or retained by a government agency is considered a public record, unless exempt.

Modern compliance challenges for California agencies

For public-sector organizations across California – including school districts, city governments, and state agencies – public records compliance has become increasingly complex.

Manual or fragmented systems can result in:

• Missed or delayed responses
• Unlocated records
• Regulatory risk and legal exposure
• Erosion of public trust

To meet the requirements of the California Public Information Act, agencies must adopt a more streamlined, tech-enabled records management strategy.

For many government and education-sector entities in California, the complexity of modern communications — multiple channels, formats, and storage locations — makes compliance challenging. Public records often span emails, texts/SMS, collaboration tools, social media, and more. Manual or decentralized systems can easily lead to delays, missed records, and compliance risks.

California’s local government agencies must adopt a multifaceted strategy that balances transparency and efficiency to address the complexities of complying with the California Public Records Act (CPRA) and the federal Freedom of Information Act (FOIA). Doing so helps preserve transparency, efficiency, and public trust.

Overview of the California Public Records Act

The California Public Records Act (sometimes referred to as the California public information act), was enacted in 1968. The purpose and core intent of CPRA are to ensure that “access to information concerning the conduct of the people’s business is a fundamental and necessary right of every person in this state.”

Under the law, “public records” are broadly defined. Any writing, regardless of physical form or characteristics, that relates to the conduct of public business, prepared, owned, used, or retained by any state or local agency qualifies as a public record.

California open records compliance guidelines

Who can submit a request?

• Requests can be submitted by any individual. There’s no requirement that the requester be a resident of California or have special status.
• Requests should include details (e.g., date range, subject, department) to allow the agency to identify and locate the record(s).

Response timeline (CPRA § 7922.535)

• Agencies must respond to public records requests within 10 business days.
• If more time is needed (e.g., to locate, review, or process records), the agency must at least acknowledge the request and provide an estimated timeframe — often within 14 business days.

What records are exempt under the California Public Information Act?

Agencies must make records available for public inspection or disclosure, unless those records are explicitly exempted.

However, under Section 7922 of the CPRA, records are allowed to be exempted if an agency can prove that keeping the record private protects the public more than releasing it would.

“An agency shall justify withholding any record by demonstrating that the record in question is exempt under express provisions of this division, or that on the facts of the particular case the public interest served by not disclosing the record clearly outweighs the public interest served by disclosure of the record.”

Common explicit exemptions include:

• Privacy-related records: Personal data, personnel files, medical records, etc.
• Preliminary drafts or non-final documents: Agencies are not required to retain these items
• Records subject to legal privilege: Attorney-client communications, pending litigation records, and other law-protected categories.
• Law enforcement-sensitive records: Victim identification, confidential informants, ongoing investigations, etc.
• Balance of public interest vs. privacy or safety: An agency shall justify withholding any record by demonstrating that the record in question is exempt under express provisions of this division, or that on the facts of the particular case, the public interest served by not disclosing the record clearly outweighs the public interest served by disclosure of the record.

In all cases, agencies bear the burden of proving exemptions apply.

Risk of manual records management

Manual records management of modern communications data is inefficient and can:

• Increase the risk of failing to locate records at all
• Increase the risk of errors and delays
• Increase costs and staff burden
• Erode public trust and undermine transparency obligations
• Damage a government’s or agency’s reputation
• Divert staff time from other critical tasks

Simplify CPRA compliance with Smarsh

Smarsh helps agencies streamline compliance with the California Public Records Act by automatically capturing and archiving communications across all channels — including email, SMS, social media, and collaboration tools — so nothing falls through the cracks.

With centralized storage, automated retention, and powerful search capabilities, records managers can quickly locate and produce records when requests come in, reducing the risk of missed deadlines or incomplete responses. A unified dashboard provides clear oversight into requests and processing status, easing administrative burden and improving transparency.

By replacing manual, scattered processes with an integrated system, Smarsh makes it easier, faster, and more reliable for public sector organizations to meet their open records obligations.

Stay ahead of California records compliance

As public records requests grow in volume and complexity, agencies can’t rely on manual processes or scattered systems to stay compliant with the California Public Records Act. A modern records management platform helps organizations respond faster, reduce human error, and maintain complete visibility across all communication channels. Meet your public records deadlines while protecting sensitive information to maintain your constituents’ trust.

To see how your team can modernize compliance, talk to a compliance expert, or explore the technology firsthand by seeing how it works.

Looking for other state records law? Explore public records compliance in all 50 states.

CPRA FAQs

1. What is the California Public Records Act?
   The California Public Records Act (CPRA), sometimes called the California public information act, is a state law enacted in 1968. It gives the public the right to access records created or maintained by California state and local agencies, unless those records are specifically exempt.

2. How do I file a public records request in California?
   Anyone can file a public records request in California by submitting a written or verbal request to the relevant state or local agency. The request should describe the records being sought in enough detail for the agency to locate them, but no specific form or justification is required.

3. How long do agencies have to respond in California?
   Under the California Public Records Act, agencies generally must respond within 10 business days. Agencies may extend the response time by an additional 14 days if they need more time to locate, review, or compile the requested records.

4. What types of records are exempt under the California Public Records Act?
   Common exemptions include personal privacy information, personnel files, medical records, attorney-client privileged documents, certain law-enforcement records, and preliminary drafts not retained by the agency. A record may also be withheld if the public interest in nondisclosure clearly outweighs the interest in disclosure.

5. What software can help with California FOIA compliance?
   AI-enabled records management platforms like Smarsh help California agencies meet CPRA requirements by automatically capturing, preserving, and indexing communications across email, SMS, social media, and collaboration tools. Centralized search, automated retention, and audit-ready reporting make it easier to process public records requests accurately and on time.