Skip to statewide header Skip to site header Skip to main content Skip to site footer Skip to statewide footer

2026-134 California Fusion Centers—State and Local Oversight

Audit Scope & Objectives

The audit by the California State Auditor will provide independently developed and verified information related to the state and local oversight of the operations and status of California’s fusion centers, focusing on compliance with laws, rules, and regulations governing the fusion centers and access to and use of sensitive personally identifiable information by participating agencies. The audit’s scope will include the State Threat Assessment Center (STAC) and two selected local fusion centers, and will include, but not be limited to, the following activities:

  1. Review and evaluate the laws, rules, and regulations significant to the audit objectives.
  2. Identify the policies and procedures in place for overseeing fusion center activities and ensuring compliance with applicable laws, regulations, and policies, including, to the extent possible:
    • Policies related to who determines which agencies (local, state, or federal) are allowed to participate in fusion center activities.
    • How other state and local law enforcement agencies obtain intelligence, data, or assistance from the fusion center.
    • Assigning and permitting officials – including elected officials (local, state, and federal) – to have access to the fusion center, and the organizational structure of officials responsible for these efforts.
    • Local, state, and federal entities that have staff assigned to the STAC and local fusion centers, including national guard members, and the processes for determining which entities and staff are assigned, under what authority and supervision, and who is responsible for ensuring their compliance with restrictions on accessing law enforcement information.
    • To the extent possible, identify the above for federal entities and any non-government entities that have personnel assigned to the STAC and local fusion centers, and whether they operate within legal requirements.
  3. Determine whether the law authorizes STAC’s and local fusion centers’ information collection and sharing practices and whether such collection and sharing practices comply with applicable requirements. To the extent possible, evaluate data sharing practices specifically related to state and local agencies sharing information with the federal government, including for purposes of immigration enforcement, and whether those practices comply with all applicable laws, regulations, and policies.
  4. To the extent possible, determine whether STAC and local fusion centers establish and enforce data quality standards, and evaluate the processes the STAC and local fusion centers use to decide what information they share with partner agencies, including federal agencies, to determine whether those processes protect against the dissemination of incorrect or misleading information. Evaluate the mitigation processes used if it is determined that incorrect or misleading information has been disseminated.
  5. To the extent possible, assess how the STAC and local fusion centers ensure that they adequately protect against the unauthorized disclosure of information. In doing so, review the following:
    • The hiring or screening practices they use to determine whether users of the data are suitable to be authorized access to information.
    • The practices they use to ensure that only authorized users are permitted access to information.
    • The practices they use to protect against unauthorized disclosure of information.
    • The protocols they follow for responding to unauthorized disclosures and data breaches, including a determination of whether the STAC and local fusion centers have ever needed to respond to such occurrences, the extent and breadth of the disclosure of information that occurred, and whether those responses were appropriate.
  6. To the extent possible, determine STAC and local fusion centers utilization of proprietary data systems, analytical tools, and data sets owned or controlled by non-governmental and/or private entities or contractors. Determine whether a selection of these private contractors were chosen based on applicable law, and how their suitability for access to sensitive law enforcement information is determined.
  7. Determine the percentage of funding that federal, state, local, and private sources provide to support the STAC and local fusion centers. Determine the value of in-kind contributions, such as personnel or equipment, on which the STAC and fusion centers may rely, and identify any policies related to conflicts of interest related to procurement practices.
  8. To the extent possible, determine whether STAC and the local fusion centers have defined missions and have established metrics that they use to assess their performance. If so, assess the validity of these metrics. Review the performance of the STAC and local fusion centers against these or other applicable measures of performance to determine whether they are effective in their mission and purpose. Identify performance trends based on any internal evaluation reports over the past 10 years.
  9. Review and assess any other issues that are significant to the audit.
Opens in new window