As we previously reported, the California Department of Justice began mailing letters like this one to Certified California Firearm Safety Instructors in late December. Those letters ominously warned that that DOJ had “inadvertently” released vital private information of instructors, including instructors’ names, dates of birth, driver’s license numbers, and other information that could be used by identity thieves.  DOJ’s letter simply states that the information was released to an unknown “requestor” pursuant to a Public Records Act request. We now have more information on how many people are affected by the privacy breach and to whom the information was provided.

We can now tell you that DOJ claims 3,424 Firearm Safety Instructors had their information illegally disclosed. More surprisingly, the recipient of the unlawfully-released information was Aaron Mendelson, a reporter for Southern California Public Radio (KPCC). Mendelson obtained instructors’ private information by submitting a Public Records Act request to DOJ on August 24, 2016. He asked DOJ to provide “[a]ll data on Firearm Safety Certifications kept by the California Department of Justice,” including the “name, date, location, instructor and so on.” Mendelson also sought “any training materials instructors receive informing them how to submit Firearm Safety Certifications.” Notably, Mendelson himself understood and acknowledged that due to the breadth of information he was requesting about instructors, some of the information may be protected by privacy laws and therefore require redaction. In fact, he indicated that he fully expected the information provided to him by DOJ to include redacted material, and requested that he merely be notified of the legal justification for the expected redactions DOJ would make.

But as many have now been notified, DOJ failed to recognize what both the law and Mendelson understood: that instructors’ vital private information should not be disclosed in response to a PRA request. Thus, in responding to Mendelson’s request on October 14, DOJ failed to properly redact the private information of every single Firearm Safety Instructor about whom it produced records. DOJ discovered their costly mistake three days later. Thus, DOJ is attempting to rectify the situation by claiming it has asked Mendelson to destroy the information and to not disseminate it any further. But DOJ has not clarified if Mendelson has done so, or if he has already published any of the information he received. A cursory search of Mendelson’s publications through Southern California Public Radio does not yet include any information on Firearm Safety Instructors that would have been culled from the disclosures made to him by DOJ.

Perhaps most disturbing of all is the timing of DOJ’s notice. DOJ was clearly aware of the breach in October, but failed to notify the more than 3,000 affected individuals for over two months. It is also not entirely clear when exactly DOJ notified Mendelson, or what additional communications it may have had with him and his station.

NRA and CRPA attorneys are currently monitoring this situation as it develops. If you received a letter from DOJ stating that your information was improperly disclosed, you can send an email to [email protected] and sign up for NRA and CRPA email alerts to keep informed.


  1. As a DOJ Certified Instructor, I was appalled upon learning of this breach of trust! I have to say though, that with Kamala Harris at the helm, and now the newly appointed (by Moonbeam) Attorney General it isn’t surprising. Even with California’s massive number of legal firearms owners, the government in this state is doing everything it can to cause a public furor. It is reaching the point that the firearms owners in this state need to take a lesson from the people of our northern neighbor, Washington and peacefully demonstrate against the legislature. It only seems fitting, since all of the “Movie People” are staging the 100,000 Women’s march against Trump…and he’s the good guy!

    1. I’M WITH YOU TOM all of us gun owners need to walk on the cort house and demand to have our 2admen. be put back place here in ca. all of our laws do nothing to make us safer .how can we get this done?

  2. If this type of information is so easily made available to news sources, it is reasonable to expect the same type of disclosure and lack of privacy throughout the DOJ. Specifically any information obtained through assault weapon registration and ammunition purchaser records. This is just one more reason to fight any and all firearm owner registration. Government agencies at all levels, whether federal, state or local, have never shown competent records security.

  3. Why has CRPA (and others) not demanded the state legislature (or other investigative authority) investigate this egregious failure – if it was in fact a failure and not a deliberate act – of the DOJ to protect private information and to identify (and fire) the person or persons responsible? How will DOJ prevent the disclosure of the private information obtained by, or to be obtained, about residents as the result of mandated firearms registration?

  4. I would assume soon there will be an accident releasing every persons name and address of whom own a registered assault weapon

  5. We must assume that Mendelson knew what he was doing when he requested the information and that he intended to release the information as a brazen attempt to harass and intimidate those who support the 2A. While I’m not one to follow liberal doctrine of pushing for boycotts, I don’t even listen to NPR or KPCC, they are taxpayer funded and I would push for reduction or removal of their funding. I would also contact KPCC and demand that they take action against Mendelson up to and including termination for violating privacy laws. Despicable actions by these liberal activists.

  6. It is time to put some real teeth in Government Data Security. We need to have one of our bretheren congresspersons at the Federal Level introduce legislation in support of:
    “any data breach, compromise, security failure or other negligent exposure to a citizen’s personally identifiable information for any reason as is associated with any information sought, required by, maintained by, managed by any government entity is punishable by minimum one year term of confinement in a Federal Correctional Facility and a $10,000 fine for each personally identifiable information file beached. Just watch how data security improves when the liberty and financial well being of the data guardian is at stake! I seem to recall in my Navy days that falling asleep while on watch during war time was a capital offense. punishable (at least in the Civil War days) by hanging the offender by the yard arm after a Captain’s Mast. In case one wonders, WE ARE AT WAR WITH THOSE WHO WOULD STEAL OUR PRIVATE INFORMATION which means we are on a war footing, and thus, all bets for leniency are off of the table in my humble opinion.

Leave a Reply

Your email address will not be published. Required fields are marked *