San Bernardino Data Privacy Ordinances Guide

Technology and Data California 4 Minutes Read · published February 10, 2026 Flag of California

San Bernardino, California residents should know how local practices and state privacy laws govern the collection, use, and disclosure of personal data held by the city and by businesses that operate in the city. This article explains whether the City of San Bernardino has a separate municipal data privacy ordinance, how California privacy law applies, what enforcement and appeals look like, and practical steps residents can take to exercise privacy rights or report concerns.

Check the city privacy notice for how the city collects and shares personal information.

Overview

The City of San Bernardino publishes a privacy notice and manages city-held records through its public records and information-technology practices; the city does not publish a distinct municipal data-privacy ordinance on its main site as of the check referenced here[1]. Separately, California consumer privacy laws such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) set statewide rights and enforcement mechanisms that apply to businesses and certain public entities in California[2].

What the City Typically Controls

  • City records and public-request handling are managed under California public records law and the city’s records rules; specific retention and disclosure practices are in the city’s privacy or records pages.
  • Complaints about city-held records, false data, or access requests are usually directed to the City Clerk or the department that maintains the records.
  • Operational privacy safeguards (IT security, data access controls) are managed by the city’s Information Technology or related departments.
If you need city-specific procedures, contact the City Clerk or the department listed on the city privacy notice.

Penalties & Enforcement

Because San Bernardino does not publish a standalone municipal data-privacy ordinance on its main site, municipal fines and penalty schedules specific to a local privacy ordinance are not specified on the cited page[1]. Enforcement and financial penalties for privacy violations relevant to residents are therefore most often governed by California law and enforced by the California Attorney General or private action where applicable[2].

  • State civil penalties: under California enforcement practice, administrative or civil penalties may be sought by the Attorney General; amounts on state pages are summarized by the state agency and can include per-violation penalties and higher sums for intentional violations.
  • Private statutory damages for data breaches: California law provides a private right of action for certain security breaches with statutory damages ranges for affected consumers when applicable.
  • Non-monetary sanctions: injunctive relief, orders to stop unlawful practices, mandatory data deletion or correction orders, and court-supervised compliance plans are possible under state enforcement.
  • Enforcers: primary enforcement authority for statewide consumer privacy statutes is the California Attorney General; city departments handle compliance for city-held records and may receive complaints for departmental action.
  • Inspection and complaint pathways: residents can submit complaints to the city departments identified in the city privacy notice or file enforcement complaints with the California Attorney General’s office.
  • Appeals and review: enforcement actions brought by the state are subject to judicial review; time limits for bringing private actions or administrative appeals vary by statute and are specified in the governing state provisions or agency rules.

Applications & Forms

The city does not list a dedicated municipal privacy-ordinance application or permit on its main site; for city records requests or corrections, use the City Clerk’s public records request process listed in the city’s records or privacy pages[1]. For statewide consumer privacy requests (access, deletion, opt-out), follow the guidance and request templates provided by the California Attorney General and relevant state resources[2].

Common Violations & Typical Outcomes

  • Failure to honor verified consumer access or deletion requests — may trigger administrative enforcement or required corrective actions.
  • Data security lapses resulting in breaches — can lead to statutory damages, corrective orders, and enforcement fines.
  • Improper sharing or sale of personal information without required notices — may prompt injunctions and penalties under state law.
Keep records of requests and communications; they are essential if you need to escalate a complaint.

How to Report, Appeal, or Seek Remedies

  • Report city-record or city-department concerns to the City Clerk or the department handling the record; follow the city’s published complaint procedure.
  • Submit verified consumer requests (access, deletion, correction) directly to the business or government entity holding the data using the methods they publish.
  • If unresolved, file an enforcement complaint with the California Attorney General or pursue a private statutory claim where available.

Action Steps for Residents

  • Identify what data you want to access, delete, or correct and gather account or transaction details.
  • Submit a verified request to the holder of the data following their published procedure; keep copies and timestamps.
  • If the holder does not respond or you receive an unsatisfactory response, contact the city department (for city records) or the California Attorney General (for business compliance) to file a complaint.

FAQ

Does San Bernardino have its own data privacy ordinance?
No standalone municipal data privacy ordinance is published on the City of San Bernardino main site as of the referenced check; residents are generally covered by California privacy law for consumer matters and by city records processes for city-held data.[1][2]
Who enforces privacy rules that affect me in San Bernardino?
City departments enforce rules for city-held records and operations; statewide statutes are enforced by the California Attorney General and through private claims where provided by law.[2]
How do I request deletion or access to my data?
Submit a verified request to the data holder using the contact or form they publish; for city records, use the City Clerk or the department’s published public records process.[1]

How-To

  1. Prepare: collect identifiers, account details, and a clear statement of the data action you want (access, deletion, correction).
  2. Submit: send the request to the entity using its published method and keep proof of submission and any verification info.
  3. Wait and follow up: note statutory response windows, escalate to the City Clerk for city records or to the California Attorney General for business compliance if needed.
  4. Enforce: if unresolved, file a formal complaint with the Attorney General or seek legal counsel for a private action if eligible.

Key Takeaways

  • San Bernardino relies on city privacy notices and state law; no separate municipal privacy ordinance is published on the city main site.
  • Residents should use city records procedures for city-held data and state enforcement routes for business privacy violations.

Help and Support / Resources

  1. [1] City of San Bernardino — official website
  2. [2] California Attorney General — CCPA/CPRA information

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data