San Bernardino Privacy Rules: Guide for Small Businesses

Technology and Data California 4 Minutes Read ยท published February 10, 2026 Flag of California

Small business owners in San Bernardino, California must balance daily operations with evolving privacy obligations from city and state law. This guide explains which municipal sources to check, practical steps to limit risk, how enforcement works, and where to find official forms and contacts. It focuses on local rules, relevant city departments, and state privacy requirements that commonly affect small retailers, service providers, and online sellers operating in San Bernardino.

Understanding the legal framework

San Bernardino enforces local codes through its municipal code and administrative departments; small businesses should review the City of San Bernardino municipal code for local regulations and contact the licensing or code enforcement offices for questions. The California privacy regime (CCPA/CPRA) also applies to many businesses and is enforced at state level; read the Attorney General guidance for consumer privacy obligations and enforcement priorities. Municipal Code[1] and California AG CCPA/CPRA guidance[2].

Start by cataloguing what personal data you collect and why.

Key compliance areas for small businesses

  • Privacy notices: post clear consumer notices on websites and at point of sale.
  • Data inventory: document categories of personal data, retention periods, and processors.
  • Opt-out and rights handling: implement processes for access, deletion, and opt-out requests.
  • Vendor contracts: require data protection terms with third-party processors.
  • Staff training: train employees on handling consumer data and breach reporting.

Penalties & Enforcement

San Bernardino relies primarily on its municipal code and enforcement divisions for local violations; specific monetary fines for privacy violations at the municipal level are not listed directly in the municipal code pages cited. For state-level privacy violations under the CCPA/CPRA, enforcement is carried out by the California Attorney General and related civil penalties and remedies are set at state law. Where a city code section addresses business licensing or consumer protections it may authorize administrative fines or license actions; if a specific fine amount or escalator is needed, the municipal code pages should be consulted directly for the controlling section. See municipal code[1].

If you receive a complaint, act promptly and document your response.
  • Fines: not specified on the cited municipal page; state-level penalties for privacy violations are set by California law and described by the Attorney General.[2]
  • Escalation: municipal codes often provide for increasing penalties for repeat or continuing violations; specific ranges are not specified on the cited municipal page.
  • Non-monetary sanctions: orders to cease operations, license suspension or revocation, injunctive relief, and court actions may apply depending on the ordinance or state action.
  • Enforcer & complaint pathway: contact the City of San Bernardino Code Enforcement or Business License division to report local violations; for state privacy enforcement contact the California Attorney General's office.[1][2]
  • Appeals & review: appeals processes vary by ordinance; time limits for administrative appeals or filing in court depend on the specific code section or state statute and are not specified on the cited municipal page.

Applications & Forms

  • Business license application: check the City of San Bernardino licensing office for the local business license form and submission instructions; fee amounts and deadlines are listed on the licensing page or application where published.
  • Public records or records request forms: use the City Clerk for official public records requests related to municipal investigations, if applicable.

How-To

  1. Map what personal data you collect and where it is stored.
  2. Create a simple privacy notice for customers and post it on your website and at your premises.
  3. Put basic contractual protections in vendor agreements for data processors.
  4. Train staff to recognize data requests and report breaches promptly.
  5. If you get a complaint, document steps taken and contact City licensing or code enforcement if municipal rules may be implicated.
Keep simple logs of rights requests and responses for at least a year.

FAQ

Do city privacy rules apply to all small businesses in San Bernardino?
No single city privacy ordinance applies to every business; businesses must follow applicable municipal codes and state privacy laws such as the CCPA/CPRA when they apply.
Where do I report a privacy-related complaint in the city?
Start with the City of San Bernardino Code Enforcement or Business License division; for state-level privacy violations contact the California Attorney General.[1][2]
Are there standard forms for consumer data requests?
There is no single city form for consumer data requests; businesses should follow state guidance and maintain a process to respond. Specific municipal forms, if any, appear on the city licensing or clerk pages.

Key Takeaways

  • Check both San Bernardino municipal code and California privacy law to understand obligations.
  • Document data practices, post clear notices, and train staff to handle requests and breaches.
  • Contact city licensing or code enforcement early if you receive a complaint.

Help and Support / Resources

  1. [1] City of San Bernardino Municipal Code
  2. [2] California Attorney General - CCPA/CPRA guidance

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data