Pomona IT Cybersecurity Standards & Breach Process

Pomona, California municipal IT systems must balance service delivery and legal obligations for data protection. This guide explains the city-level standards, who enforces them, and the step-by-step process when a security incident or data breach affects Pomona systems. It summarizes required actions for departments, reporting routes for staff and public complaints, typical penalties or remedies where available, and practical steps to contain, report, and remediate incidents while preserving evidence for review and appeal.

Standards & Responsibilities

City departments operating IT systems are expected to follow documented information security practices, access controls, and incident response procedures maintained by the City of Pomona Information Technology Office. For municipal policy references and department contact information see the City of Pomona IT page City IT Department^[1]. Departments must also retain records in accordance with the municipal code and state law found in the Pomona municipal code Pomona Municipal Code^[2].

Incident Response Process

When a suspected breach is discovered, Pomona IT procedures generally require rapid containment, evidence preservation, internal notification, and external notification when legally required. City staff should follow these steps: identify scope, isolate affected systems, collect forensic evidence, and begin remediation while coordinating with the city attorney or risk manager where legal or public-notification obligations may apply. External reporting obligations for breaches of personal data are governed by California law; see the California Attorney General guidance on data breach notification California AG - Data Breach^[3].

• Containment actions should begin immediately on detection to limit exposure.
• Preserve system logs, access records, and device images for forensic review.
• Notify the City of Pomona IT helpdesk and follow departmental escalation protocols.
• Coordinate with the City Attorney for legal review and public notification decisions.

Penalties & Enforcement

Pomona enforces cybersecurity and data-handling obligations through its existing municipal code, administrative policies, and through referrals to law enforcement or civil litigation where applicable. Specific monetary fines, daily penalties, or statutory fee schedules for cybersecurity breaches are not listed on the city IT pages or the consolidated municipal code pages and therefore are not specified on the cited page. See the City IT page and municipal code for current policy references and procedures.^[1][2]

• Fine amounts: not specified on the cited page.
• Escalation (first/repeat/continuing offences): not specified on the cited page.
• Non-monetary sanctions: administrative orders, corrective action, suspension of access, account termination, or referral to criminal prosecution where applicable.
• Enforcer: City of Pomona Information Technology Office in coordination with the City Attorney and, where relevant, Pomona Police Department or County/State authorities.
• Inspection and complaint pathways: report incidents to City IT helpdesk and use departmental complaint/contact pages listed in Resources.
• Appeals and review: administrative review routes are handled through departmental procedures or appeals to the City Manager or Council where specified; specific time limits are not specified on the cited page.
• Defences/discretion: documented reasonable steps, approved variances, or emergency actions may be considered in mitigation by enforcement authorities.

Applications & Forms

No specific public-facing breach notification form for municipal incidents is published on the City IT pages; when required, departments typically submit incident reports and requests for legal review through internal workflows or to the City Clerk/City Attorney as directed. This absence is noted on the cited City IT page and municipal code location ^[1][2].

How-To

1. Detect and document: note time of discovery, affected systems, and initial indicators.
2. Contain and preserve: isolate affected devices and preserve logs and images for forensics.
3. Report internally: notify the City of Pomona IT helpdesk and your department head immediately.
4. Notify external authorities if required: coordinate with City Attorney and follow California breach-notification rules when personal data is involved.

FAQ

Who must report a breach affecting Pomona systems?

Any city employee, contractor, or department that discovers a security incident must report it to the City of Pomona IT helpdesk and their supervisor immediately.

Will Pomona notify affected residents?

Notification to affected individuals follows legal requirements under California law and city policies; whether public notice is required depends on the type of data and scope of the incident.

Are there published fines for cybersecurity failures?

Specific fine amounts for municipal IT breaches are not specified on the cited City IT or municipal code pages.

Key Takeaways

• Act fast: contain and preserve evidence on detection.
• Report: notify City IT and coordinate with the City Attorney.
• Document: keep detailed logs and chain-of-custody for investigations.

Help and Support / Resources

• City of Pomona - Information Technology
• Pomona Municipal Code (Municode)
• City Attorney - City of Pomona
• California Attorney General - Data Breach

1. [1] City of Pomona - Information Technology
2. [2] Pomona Municipal Code - Municode
3. [3] California Attorney General - Data Breach Notification