An Upland attorney is suing state Attorney General Rob Bonta after a leak exposed the contents of a state database of concealed-weapon permit holders’ personal data.
“We have four females,” attorney Brian Hannemann said this week. “They’re all solid human beings. Older. Every one of the females that we represent obtained their (carrying a concealed-weapon permit) because they’re upstanding citizens, they’re good mothers, they’re concerned for the safety for their families. They’re not, ‘Let’s go shoot automatic weapons on weekends.’ They’re regular people who want to protect their families. They’re ordinary soccer moms.”
On June 27, California’s new 2022 Firearms Dashboard Portal went online. The dashboard was only supposed to provide specific public information, including a decade’s worth of gun sales records, gun violence restraining orders, CCW permits, firearms safety certificates, assault weapons and a roster of certified handguns. The goal, according to Bonta’s office, was to provide actual hard numbers for a debate often lacking them.
But the personal data of at least 242,727 people who applied for a permit between 2011 and 2021, including at least 140 current or former judges, was made available. The information was taken down in less than 24 hours, according to Bonta’s office. News of the data breach first came to light June 28, when the Fresno County Sheriff’s Office announced they had been told of the leak by California Department of Justice.
“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” Bonta said in a statement released by his department. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary. The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”
The leak occurred four days after the U.S. Supreme Court ruled New York’s restrictions on CCW permits unconstitutional, a decision expected to potentially increase the number of concealed weapons in California, which had a similarly restrictive law.
In his lawsuit, Hannemann says Bonta violated his clients’ Second Amendment rights to keep and bear arms, including through the chilling effect that applying for a CCW permit in the future may lead to their personal data being revealed to criminals and the public; their Fourth Amendment rights to privacy; California’s constitutional rights to privacy; and California’s Information Practices Act of 1977, which limits government use of personal data.
He’s seeking compensatory damages and a declaration that the state collecting this information violates both federal and state law.
The California Department of Justice did not immediately respond to a request for comment on the lawsuit.
A class-action lawsuit by the National Association for Gun Rights was filed against Bonta on July 1, but Hannemann said that suit isn’t attempting to get discovery about how the leak happened, which his suit is doing.
News of the dashboard data leak has been jarring to permit holders and applicants, including Hannemann’s clients.
“None of them would have gotten CCWs if they had known this was going to happen,” he said.
Among the information posted were the full name, date of birth, address, gender, race and CCW license number. In some cases, a driver’s license number was also available.
The state dashboard was taken offline June 28 and remains offline as of July 18.
Critics blasted the California Department of Justice over the leak:
“The Riverside County Sheriff’s Department is demanding a detailed and thorough investigation of the DOJ to determine the cause and reason this information was publicly released,” a sheriff’s department news release reads in part. “The safety and security of our community members is our highest priority and we are committed to holding DOJ accountable by demanding reassurance and a prevention plan that our citizens will not be endangered by future criminal or negligent data leaks.”
In a tweet, Assembly Republican leader James Gallagher, R-Chico, called the leak “another example of how inept our state government is.”
Hannemann, a CCW permit holder himself, says the leak shows that having a single master database of this information — rather than having it be at the county level, as sheriff’s departments are the agencies that issue the permits in the state — is an inherently bad idea. (Hannemann and San Diego attorney Marc Mabile are also plaintiffs in the lawsuit.)
He wants the state to allow permit applicants to list a P.O. Box for their address.
“Now, if the information somehow leaks, criminals will know where we live,” he said. “We want all CCW holders to be treated like police officers, so their data will be private.”
According to California State Sheriffs' Association, the leaked information has been copied and at least some of it was posted online before the data breach was detected. As of July 18, there has been no official confirmation that the data was downloaded or that any private list of CCW permit holders and applicants exists.
©2022 MediaNews Group Inc. Distributed by Tribune Content Agency, LLC.