Wednesday, August 17, 2016

The CalGang Criminal Intelligence System

OFF THE WIRE
The CalGang Criminal
Intelligence System
As the Result of Its Weak Oversight Structure,
It Contains Questionable Information That May
Violate Individuals’ Privacy Rights
Report 2015-130

Doug Cordiner 
Chief Deputy
Elaine M. Howle
State Auditor
621 Capitol Mall, Suite 1200       Sacramento, CA 95814              916.445.0255        916.327.0019 fax              www.auditor.ca.gov
August 11, 2016 
2015-130
The Governor of California 
President pro Tempore of the Senate 
Speaker of the Assembly 
State Capitol 
Sacramento, California  95814
Dear Governor and Legislative Leaders:
As requested by the Joint Legislative Audit Committee, the California State Auditor presents this audit report 
concerning the CalGang database and how law enforcement has implemented requirements for adding juveniles 
to CalGang.
This  report  concludes  that  CalGang’s  current  oversight  structure  does  not  ensure  that  law  enforcement  
agencies  (user  agencies)  collect  and  maintain  criminal  intelligence  in  a  manner  that  preserves  individuals’  
privacy  rights.  Although  the  California  Department  of  Justice  funds  it,  CalGang  is  not  established  in  state  
statute and consequently receives no state oversight. Instead, the CalGang Executive Board and the California 
Gang Node Advisory Committee (CalGang’s governance) oversee CalGang and function independently from 
the State and without transparency or meaningful opportunities for public input. 
Inadequate  oversight  contributed  to  the  numerous  instances  in  which  the  four  user  agencies  we  examined  
could  not  substantiate  the  validity  of  CalGang  entries.  Specifically,  the  agencies  lacked  adequate  support  for  
13  of  100  people  we  reviewed  in  CalGang  and  for  131  of  563  (23  percent)  of  the  CalGang  criteria  entries  we  
reviewed. Although a person’s CalGang record must be purged after five years unless updated with subsequent 
criteria, we found more than 600 people in CalGang whose purge dates extended beyond the five-year limit, 
many of which were more than 100 years in the future. Finally, the user agencies have poorly implemented a 
2014 state law requiring notifications before adding a juvenile to CalGang. Two agencies we reviewed did not 
provide juveniles and parents with enough information to reasonably contest the juveniles’ gang designations, 
thereby denying many people their right to contest a juvenile’s gang designation. 
Although it asserts compliance with federal regulations and state guidelines—standards designed to protect 
privacy  and  other  constitutional  rights—little  evidence  exists  that  CalGang’s  governance  has  ensured  these  
standards are met. As a result, user agencies are tracking some people in CalGang without adequate justification, 
potentially  violating  their  privacy  rights.  Further,  by  not  reviewing  information  as  required,  CalGang’s  
governance and user agencies have diminished the system’s crime-fighting value. Although CalGang is not to 
be used for expert opinion or employment screenings, we found at least four appellate cases referencing expert 
opinions  based  on  CalGang  and  three  agencies  we  surveyed  confirmed  they  use  CalGang  for  employment  
screenings. Although these practices do not appear to be common place, they emphasize the effect CalGang 
can have on a person’s life. 
We believe that CalGang needs an oversight structure that ensures that information is reliable and that users 
adhere to requirements that protect individuals’ rights. Thus, we recommend that the Legislature adopt state 
law assigning Justice the responsibility for CalGang oversight and specifying that CalGang must operate under 
defined requirements, such as supervisory and periodic record reviews.
Respectfully submitted,
ELAINE M. HOWLE, CPA 
State Auditor
Blank page inserted for reproduction purposes only.
v
California State Auditor Report 2015-130
August 2016
Contents
Summary
                                                                                                                      1
Introduction
                                                                                                                 9
Audit Results
Due to an Inadequate Leadership Structure, CalGang Has Failed 
to Comply With Requirements Designed to Protect Individuals’
Rights to Privacy 
23
Law Enforcement Agencies Could Not Always Demonstrate That 
They Had Established Reasonable Suspicion That Groups Were 
Gangs Before Entering Them Into CalGang 
28
Law Enforcement Agencies Do Not Have Adequate Support for 
Some of the Individuals and Many of the Criteria They Entered 
Into CalGang 
31
Law Enforcement Agencies Lack Appropriate Safeguards to 
Ensure the Accuracy and Security of CalGang Records 
36
Law Enforcement Agencies Have Failed to Appropriately Notify 
Necessary Parties Before Entering Juveniles Into CalGang 
46
Governmental Oversight and Increased Public Participation 
Could Strengthen CalGang’s Usefulness and Better Ensure It 
Protects Individuals’ Rights  
52
Recommendations                                                                                                    55
Appendix A
Summary of Selected CalGang Survey Responses 
61
Appendix B
Demographics of Individuals in CalGang by Location, Type, 
Gender, Age, and Race 
65
Response to the Audit
California Department of Justice 
69
Los Angeles Police Department 
77
California State Auditor’s Comments on the Response 
From the Los Angeles Police Department 
81
California State Auditor Report 2015-130
August 2016
vi
Santa Ana Police Department 
83
Santa Clara County Sheriff ’s Office 
87
California State Auditor’s Comments on the Response 
From the Santa Clara County Sheriff ’s Office 
89
Sonoma County Sheriff ’s Office 
91
California State Auditor’s Comments on the Response 
From the Sonoma County Sheriff ’s Office 
103
1
California State Auditor Report 2015-130
August 2016
Audit Highlights . . .
Our audit concerning the CalGang database 
and how law enforcement agencies (user 
agencies) have implemented requirements 
for adding juveniles to CalGang revealed 
the following:
»
CalGang’s current oversight structure 
does not ensure that user agencies collect 
and maintain criminal intelligence in a 
manner that does not invade individuals’ 
privacy rights.
»
The CalGang Executive Board and the 
California Gang Node Advisory 
Committee act without statutory 
authority, transparency, or meaningful 
opportunities for public engagement.
»
The four user agencies we examined could 
not substantiate numerous CalGang 
entries they had made, demonstrating 
weaknesses in the processes for entering, 
evaluating, and auditing the data 
in CalGang.
• 
Three user agencies were unable to 
adequately support that many of the 
groups they entered into CalGang met 
the criteria for inclusion.  
• 
All four user agencies lacked support 
for CalGang entry criteria suggesting 
they inappropriately included in 
CalGang 13 of the 100 individuals 
we reviewed.
• 
More than 600 individuals in CalGang 
had purge dates extending beyond the 
five-year limit, many of which were 
not scheduled to be purged for more 
than 100 years.
continued on next page . . .
Summary
Results in Brief
CalGang is a shared criminal intelligence system that law 
enforcement agencies (user agencies) throughout the State use 
voluntarily. User agencies enter information into CalGang on 
suspected gang members, including their names, associated 
gangs, and the information that led law enforcement officers 
to suspect they were gang members. User agencies have noted 
that CalGang’s benefits include directing them to information 
about gang members’ interactions with law enforcement officers 
throughout the State and facilitating cross‑agency collaboration 
when investigating and prosecuting gang‑related crimes. However, 
CalGang’s weak leadership structure has been ineffective at 
ensuring that the information the user agencies enter is accurate 
and appropriate, thus lessening CalGang’s effectiveness as a tool 
for fighting gang‑related crimes. Further, the inaccurate data 
within CalGang may violate the privacy rights of individuals whose 
information appears in CalGang records but who do not actually 
meet the criteria for inclusion in the system.
Both the United States Constitution and the California 
Constitution recognize the right to privacy—the former implicitly 
and the latter explicitly. However, CalGang’s current oversight 
structure does not ensure that user agencies collect and maintain 
criminal intelligence in a manner that preserves individuals’ 
privacy rights. Specifically, although the California Department of 
Justice (Justice) funds a contract to maintain CalGang, the system 
is not established in state statute and consequently receives no 
state oversight. Instead, CalGang’s user agencies elect their peers 
to serve as members of two entities—the CalGang Executive Board 
(board) and its technical subcommittee called the California 
Gang Node Advisory Committee (committee)—that oversee 
CalGang. These oversight entities function independently from 
the State and without transparency or meaningful opportunities 
for public engagement. When the committee and the board 
established CalGang’s policies and procedures (CalGang policy), 
they asserted CalGang’s voluntary compliance with two different 
standards: the criminal intelligence requirements in Title 28, Code 
of Federal Regulations, Part 23 (federal regulations) and Justice’s 
Model Standards and Procedures for Maintaining Criminal 
Intelligence Files and Criminal Intelligence Operational Activities
November 2007 (state guidelines)—which were promulgated 
to protect privacy and other constitutional rights. However, in 
practice, we found little evidence that the committee and the board 
have ensured that user agencies comply with either the federal 
regulations or the state guidelines.
California State Auditor Report 2015-130
August 2016
2
A lack of adequate oversight likely contributed to the numerous 
instances we found in which the four user agencies we examined—
the Los Angeles Police Department (Los Angeles), the Santa Ana 
Police Department (Santa Ana), the Santa Clara County Sheriff ’s 
Office (Santa Clara), and the Sonoma County Sheriff ’s Office 
(Sonoma)—could not substantiate CalGang entries they had made.
1
Specifically, Los Angeles, Santa Ana, and Sonoma, which add 
gangs to the system, were able to demonstrate that only one of the 
nine gangs we reviewed met the requirements of CalGang policy 
before entry; Santa Clara does not add gangs to the system. We 
also found that all four user agencies lacked adequate support for 
including 13 of the 100 individuals we reviewed in CalGang. Further, 
we reviewed more than 560 criteria related to these 100 individuals 
and determined that the user agencies lacked adequate support 
for 131, or 23 percent. 
Our review uncovered numerous examples demonstrating 
weaknesses in the user agencies’ approaches for entering 
information into CalGang. For example, Sonoma included a person 
in CalGang for allegedly admitting during his booking into county 
jail that he was a gang member and for being “arrested for an 
offense consistent with gang activity.” However, the supporting files 
revealed that this person stated during his booking interview that 
he was 
not
 a member of a gang and that he preferred to be housed 
in the general jail population. Further, his arrest was for resisting 
arrest, an offense that has no apparent connection to gang activity. 
Throughout our audit, law enforcement officials offered their 
perspective that inclusion in CalGang is of little impact to 
individuals because CalGang only points to source documentation. 
According to CalGang policy, information in the system itself 
should not be the basis of expert opinion or statement of fact in 
official reports, nor should it be used for any purposes unrelated 
to law enforcement, such as employment screenings. However, 
we found that these prohibitions are not always followed. In fact, 
our search of California appellate cases that included the terms 
CalGang 
or 
gang database
 uncovered at least four unpublished 
cases that referred to CalGang as support for expert opinions that 
individuals were or were not gang members. Further, three law 
enforcement agencies that responded to our statewide survey 
admitted to using CalGang for employment or military‑related 
screenings. These instances emphasize that inclusion in CalGang 
has the potential to seriously affect an individual’s life; therefore, 
each entry must be accurate and appropriate. 
1
    Because multiple law enforcement agencies can add information to a gang member’s CalGang 
record, some of the deficiencies we found relate to information other law enforcement agencies 
added to these CalGang records. 
»
The user agencies have not fully 
implemented state law requiring 
notification to juveniles and their parents 
or guardians before adding the juveniles 
to CalGang.
»
CalGang needs an oversight structure 
that better ensures that CalGang’s 
information is reliable and that its users 
adhere to the requirements that protect 
individuals’ rights. 
3
California State Auditor Report 2015-130
August 2016
The four user agencies we reviewed might have been able to avoid 
making inappropriate CalGang entries had they fully followed the 
federal regulations and state guidelines that the committee and 
the board voluntarily adopted. For example, the state guidelines 
require supervisory reviews of all information for CalGang 
entries and annual reviews of all CalGang records to ensure 
their accuracy and relevance. However, we found that none of 
the four user agencies have the necessary processes in place to 
perform these reviews. Further, by requiring only minimal audits 
of the information in CalGang, the committee has limited its own 
accountability in ensuring that user agencies comply with the 
federal regulations and state guidelines. These self‑administered 
audits review less than 1 percent of CalGang’s total records. The 
committee does not document the audit results, which CalGang 
administrators present orally at committee meetings. The limited 
nature of these audits is especially concerning because they are the 
committee’s only oversight tool, yet they are not robust enough 
to ensure that user agencies are maintaining valid and accurate 
criminal intelligence records, adhering to security protocols, and 
upholding individuals’ rights to privacy. 
In addition to the errors we found in the 100 records we reviewed, 
our use of an electronic analysis of all CalGang records uncovered 
a number of problems that highlight the importance of both 
supervisory and ongoing reviews of CalGang information. For 
example, we found 42 individuals in CalGang who were supposedly 
younger than one year of age at the time of entry—28 of whom 
were entered for “admitting to being gang members.” We also found 
a significant number of individuals with illogical record purge 
dates—the dates by which the individuals’ records must be deleted 
from CalGang. Mirroring the federal regulations, CalGang policy 
requires that individuals’ records be purged five years after their 
dates of entry unless user agencies have entered subsequent criteria 
which resets the five‑
year period. Nevertheless, we found more 
than 600 individuals with purge dates that were well beyond the 
five year limit; in fact, more than 250 individuals in CalGang had 
purge dates more than 100 years in the future. By failing to review 
information before and after its entry into CalGang, the committee 
and user agencies diminish the system’s crime‑fighting value and do 
not adequately protect the privacy of those who have been entered 
into the system.
Further, the user agencies we reviewed have not fully implemented 
a state law that took effect in January 2014 that generally requires 
law enforcement agencies to notify juveniles and their parents 
or guardians (parents) before adding the juveniles to a shared 
gang database such as CalGang. As a result, many juveniles and 
their parents were not afforded the right to contest the juveniles’ 
gang designations. Los Angeles and Santa Ana continued to add 
California State Auditor Report 2015-130
August 2016
4
juveniles to CalGang after January 2014, but these two user agencies 
failed to provide proper notification for more than 70 percent of 
the 129 juvenile records we reviewed. Further, the two agencies 
did not provide the juveniles and parents who were sent notices 
with enough information to reasonably contest the juveniles’ 
gang designations. Possibly as a result of insufficient information, 
we found that few juveniles or parents have contested juveniles’ 
inclusion in CalGang. The other two user agencies we reviewed—
Santa Clara and Sonoma—did not add juveniles to CalGang once 
the notification law took effect.
Because of its potential to enhance public safety, CalGang needs 
an oversight structure that better ensures that the information 
entered into it is reliable and that its users adhere to requirements 
that protect individuals’ rights. To this end, we believe the 
Legislature should adopt state law that specifies that CalGang, or 
any equivalent statewide shared gang database, must operate under 
defined requirements that include the federal regulations and key 
safeguards from the state guidelines, such as supervisory and 
periodic record reviews. Further, we believe the Legislature 
should assign Justice the responsibility for overseeing CalGang 
and for ensuring that the law enforcement agencies that use 
CalGang comply with the requirements. Establishing Justice as 
a centralized oversight entity responsible for determining best 
practices and holding user agencies accountable for implementing 
such practices will help ensure CalGang’s accuracy and safeguard 
individuals’ privacy protection. Moreover, we recommend that 
the Legislature create a technical advisory committee to provide 
Justice with information about database best practices, usage, and 
needs to ensure that CalGang remains a useful law enforcement 
tool. Figure 6 on page 54 illustrates what, in our view, would be a 
stronger oversight structure for CalGang.
Recommendations
The Legislature
To ensure that CalGang, or any equivalent statewide shared gang 
database, has an oversight structure that supports accountability 
for proper database use and for protecting individuals’ rights, the 
Legislature should do the following:
• 
Designate Justice as the state agency responsible for 
administering and overseeing CalGang or any equivalent 
statewide shared gang database. 
California State Auditor Report 2015-130
August 2016
6
Justice
As the Legislature considers creating a public program for shared 
gang database oversight and accountability, Justice should guide the 
board and the committee to identify and address the shortcomings 
that exist in CalGang’s current operations and oversight. The 
guidance Justice provides to the board and the committee should 
address, but not be limited to, the following areas:
• 
Developing best practices based on the requirements stated in 
the federal regulations, the state guidelines and state law, and 
advising user agencies on the implementation of those practices 
by June 30, 2017. 
• 
Instructing user agencies to complete a comprehensive review 
of all the gangs documented in CalGang to determine if they 
meet the necessary requirements for inclusion and to purge from 
CalGang any groups that do not meet the requirements. Justice 
should guide the board and the committee to ensure that user 
agencies complete this review in phases, with the final phase 
completed by June 30, 2018. 
• 
Instructing user agencies to complete a comprehensive review 
of the records in CalGang to determine if the user agencies 
have adequate support for the criteria associated with all the 
individuals they have entered as gang members. If the user 
agencies do not have adequate support, they should immediately 
purge the criteria—and, if necessary, the individuals—from 
CalGang. In addition, the user agencies should ensure that all 
the fields in each CalGang record are accurate. Justice should 
guide the board and the committee to ensure that user agencies 
complete this review in phases, with the final phase completed 
by September 30, 2019.
To promote transparency and hold the board, the committee, 
and user agencies accountable for implementing and adhering 
to criminal intelligence safeguards, Justice should post quarterly 
reports on its website beginning June 30, 2017, that summarize 
how it has guided the board and the committee to implement and 
adhere to criminal intelligence safeguards; the progress the board, 
the committee, and the user agencies have made in implementing 
and adhering to these safeguards; the steps these entities still must 
take to implement these safeguards; and any barriers to the board’s 
and the committee’s success.
7
California State Auditor Report 2015-130
August 2016
To promote transparency and encourage public participation in 
CalGang’s meetings, Justice should post summary audit results, 
meeting agendas, and meeting minutes to its website, unless doing 
so would compromise criminal intelligence information or other 
information that must be shielded from public release.
Law Enforcement Agencies
Until they receive further direction from the board, the committee, 
or Justice, the law enforcement agencies we reviewed—Los Angeles, 
Santa Ana, Santa Clara, and Sonoma—should address the specific 
deficiencies we found by taking the following actions: 
• 
Begin reviewing the gangs they have entered into CalGang 
to ensure the gangs meet reasonable suspicion requirements. 
They should also begin reviewing the gang members they 
have entered into CalGang to ensure the existence of proper 
support for each criterion. They should purge from CalGang any 
records for gangs or gang members that do not meet the criteria 
for entry. Individuals who are independent from the ongoing 
administration and use of CalGang should lead this review. 
• 
Develop or modify as necessary, and fully implement by 
March 31, 2017, all their policies and procedures related to 
CalGang to ensure they align with state law, CalGang policy, 
the federal regulations, and the state guidelines. 
Agency Comments
Justice responded to the audit stating that it agreed with all of 
the recommendations. Justice expressed that it will work with the 
board and the committee in various capacities to implement 
the recommendations. However, Justice stated that it believes 
it needs express authority and additional resources from the 
Legislature to assume oversight of CalGang.
Los Angeles, Santa Ana and Santa Clara all indicated that they 
agreed with the recommendations and would take the steps 
necessary to implement them.  
Sonoma disagreed with the audit’s findings and took exception to 
the criteria the audit relied upon. Sonoma stated that it believes it 
has met or exceeded the statutory guidelines for administering a 
model criminal intelligence system. Sonoma also stated that if 
it follows the report’s recommendations it will be forced to stop 
operating as a node administrative agency.
8
California State Auditor Report 2015-130
August 2016
Blank page inserted for reproduction purposes only.
9
California State Auditor Report 2015-130
August 2016
Introduction
Background
Criminal street gangs in California commit a multitude of crimes 
and employ violence to expand their criminal enterprises. The 
Federal Bureau of Investigation’s 2011 
National Gang Threat 
Assessment
 states that gang members are responsible for an average 
of 48 percent of violent crime in most jurisdictions and up to 
90 percent in others. According to a report the California Attorney 
General released in 2014 titled 
Gangs Beyond Borders
, gang 
membership increased by 40 percent nationally between 2009 and 
2011, leading to higher levels of violent crime within California—
particularly assault, extortion, home invasion, homicide, 
intimidation, and shootings—as well as increases both in arrests 
for human trafficking offenses and in seizures of drugs, weapons, 
and cash. Although gang populations are heavily concentrated 
in Southern California counties—Los Angeles, Orange, Riverside, 
San Bernardino, and San Diego—gangs exist in communities across 
the State, as Figure 1 on the following page shows.
The CalGang Criminal Intelligence System 
With funding from the Office of Criminal Justice Planning, CSRA 
International, Inc. (CSRA) developed the proprietary CalGang 
software in 1997.
2
 The system provides current gang information 
to law enforcement agencies that choose to use it (user agencies), 
ideally allowing those agencies to improve the efficiency of their 
criminal investigations, enhance officer safety, and better protect 
the public. Because CalGang allows user agencies to collect, store, 
and share intelligence information about individuals suspected—
but not necessarily convicted—of being involved in criminal 
activity, it qualifies as a criminal intelligence system under Title 28, 
Code of Federal Regulations, Part 23 (federal regulations). These 
federal regulations—which CalGang’s oversight entities voluntarily 
choose to follow—state that criminal intelligence entries must 
be supported by reasonable suspicion that an individual or 
organization is involved in criminal conduct or activity and that 
the information entered into the system must be relevant to 
that criminal conduct or activity. 
2
    CalGang is also known as GangNet, a system that federal law enforcement agencies, other states, 
and Canada use. 
10
California State Auditor Report 2015-130
August 2016
Figure 1
CalGang Regional Nodes and California Counties’ Gang Member and Affiliate Populations
VENTURA
SANT
A BARBARA
SAN LUIS OBISPO
SAN BERNARDINO
RIVERSIDE
ORANGE
SANT
A CRUZ
SANT
A
CL
ARA
SAN  
BENIT
O
MONTEREY
LOS 
ANGELES
KERN
SAN DIEGO
IMPERIAL
TUOLUMNE
TUL
ARE
ST
ANISL
AUS
SAN
JOAQUIN
MONO
MERCED
MARIPOSA
MADERA
KINGS
INYO
FRESNO
CAL
AVERAS
AMADOR
ALPINE
YUBA
YOLO
TRINITY
TEHAMA
SUTTER
SONOMA
SOL
ANO
SISKIYOU
SIERRA
SHAST
A
SAN MA
TEO
SAN FRANCISCO
SACRAMENT
O
PLUMAS
PL
ACER
NEV
ADA
NAP
A
MODOC
MENDOCINO
LASSEN
LAKE
HUMBOLDT
GLENN
EL
 DORADO
DEL 
NOR
TE
CONTRA 
COST
A
COLUSA
BUTTE
AL
AMEDA
        More than 10,000
        5,001–10,000
        2,501–5,000
        501–2,500
        Less than 500
Node Administrator Agency
Number of 
Gang Members and Affiliates
Sonoma County Sheriff’s Office
San Diego Police Department
San Jose Police Department
Santa Barbara Police Department
Fresno County Sheriff ’s Office
San Bernardino County Sheriff’s Office
Riverside County Sheriff ’s Department, 
Riverside County District Attorney’s 
Office, and Riverside Police Department
Kern County Sheriff ’s Office
Los Angeles County Sheriff ’s Department with 
the Los Angeles Police Department
Orange County District Attorney’s Office
MARIN
Sources: 
California State Auditor’s analysis of CalGang data obtained from the California Department of Justice as of November 23, 2015, and 
documents obtained from the California Gang Node Advisory Committee. 
Note: 
We assigned gang members and affiliates based on the location of the law enforcement agency that initially entered them into CalGang. 
We excluded 1,797 individuals for whom we did not have valid county information.
11
California State Auditor Report 2015-130
August 2016
A person can be entered into CalGang either as a documented 
gang member or as an affiliate (an individual who is known to 
associate with active gang members and whom a law enforcement 
officer reasonably suspects may be involved in criminal activity 
or enterprise). As of November 2015, more than 150,000 people 
were in CalGang, and the average length of time they had been in 
CalGang was five and a half years. Table 1 summarizes the number 
of people that law enforcement agencies added and removed from 
CalGang since January 2010 and shows that more people have been 
removed from than added to CalGang since 2011.
Table 1
Number of Gang Members and Affiliates Added to and Removed From CalGang From 2010 Through 2015
2010
2011
2012
2013
2014
2015*
ADDITIONS
Affiliates
3,534
3,419
2,337
1,829
1,717
1,444
Gang members
26,518
21,269
18,209
15,331
15,890
13,490
Total additions
30,052
24,688
20,546
17,160
17,607
14,934
REMOVALS
Affiliates purged
2,946
3,238
4,142
4,617
4,043
3,801
Affiliates manually deleted
63
55
43
15
15
19
Gang members purged
16,790
23,102
25,391
28,275
30,695
29,461
Gang members manually deleted
769
374
221
152
184
150
Total removals
20,568
26,769
29,797
33,059
34,937
33,431
Source: 
California State Auditor’s analysis of CalGang data obtained from the California Department of Justice as of November 23, 2015.
Our analysis for 2015 was limited to additions and removals that occurred as of November 23, 2015.
CalGang is what is called a 
pointer
 system; the records within it 
point—or refer—to documents outside of CalGang that contain 
information about suspected gang members and their affiliates, 
such as arrest reports, reports of interactions with law enforcement 
officers in the field, and booking photographs. Using those documents 
and in‑person observations, law enforcement agency staff—generally 
gang enforcement officers or administrative staff—record in CalGang 
various data points about gang members, including their names, 
birth dates, races, genders, known addresses, vehicles, physical 
descriptors, and personal markings such as tattoos. CalGang also 
captures information specific to gang culture, such as monikers, 
aliases, gang symbols, gang colors, gang territories, weapons, drugs, 
and gang affiliates. However, law enforcement agencies must use the 
information contained in records external to CalGang as the bases for 
any official actions, such as arrests or applications for search warrants, 
rather than the entries in CalGang itself. Figure 2 on the following 
page shows demographic information for individuals in CalGang by 
race, gender, and age. 
California State Auditor Report 2015-130
August 2016
12
Figure 2
Proportion of Gang Members and Affiliates in CalGang by Race, Gender, and Age
GENDER
6.
8
%
FEMALE
93 .1
%
MALE
0 .1
NOT IDENTIFIED
RACE
64.9
HISPANIC
20.5
BLACK
8.2
WHITE
0.6
OTHER*
3.5
NOT IDENTIFIED
2.3
ASIAN/PACIFIC ISLANDER
AGE
5 7. 3
%
18–30 years
33.6
%
31–45 years
1.7
%
Under 18 years
7. 4
%
Over 45 years
Source: 
California State Auditor’s analysis of CalGang data obtained from the California Department 
of Justice as of November 23, 2015.
Other
 includes African, American Indian, and people of two or more races.
13
California State Auditor Report 2015-130
August 2016
CalGang is the primary shared gang database law enforcement 
agencies use throughout the State. When we surveyed law 
enforcement agencies statewide, 92 percent of respondents asserted 
that CalGang was the only shared gang database their agencies 
used. When we reviewed information provided by the remaining 
8 percent of respondents, we were able to verify only one additional 
shared gang database: the Sacramento County Known Persons File. 
However, just one law enforcement agency reported that many 
agencies within Sacramento County use this shared gang database. 
We describe our survey approach and analyze selected responses in 
Appendix A beginning on page 61. 
CalGang’s Oversight Entities and Costs
Several different entities are responsible for aspects of CalGang’s 
funding, operation, and oversight. Specifically, the CalGang 
Executive Board (board) and the California Gang Node Advisory 
Committee (committee) are the system’s two informal governing 
bodies. These two governing bodies work with 10 local agencies 
called 
node administrator agencies
, as we discuss below. In addition, 
the California Department of Justice (Justice) helps to administer 
CalGang by funding its annual software maintenance contract with 
CSRA and providing technology and infrastructure support. 
CalGang’s board is composed of 15 total voting members representing 
node administrator agencies, Justice, and three statewide law 
enforcement associations.
3
 According to the board’s bylaws, its 
objectives and purposes include providing oversight and policy 
direction, ensuring CalGang performs its intended functions, 
facilitating funding, and ensuring compliance with local, state, 
and federal standards. According to the board’s bylaws, the board 
elects a chairperson annually from the 15 voting members, and that 
chairperson appoints a vice chairperson. The board’s officers may 
serve consecutive terms. The bylaws direct the board to meet in 
conjunction with the committee or as needed.
Members of the committee act as CalGang operational subject 
matter experts. The committee’s bylaws establish that each 
node administrator agency can designate one voting committee 
member and that the Justice representative also acts as a voting 
committee member.
4
 Only voting members may serve as 
the committee’s chairperson, vice chairperson, and sergeant at 
3
    The Los Angeles node has two voting members—the Los Angeles County Sheriff ’s Department 
and the Los Angeles Police Department.
4
    California Emergency Management Agency (CalEMA) is listed as a voting member in the 
committee’s bylaws. However, CalEMA has not been represented at committee meetings 
since 2011, and the board voted to remove it as a voting member in 2014
15
California State Auditor Report 2015-130
August 2016
federal regulations and state guidelines.
5
 The requirements include 
node administrator agency and CalGang user agency training, 
system audit and record purges, and information security and 
dissemination. CalGang policy also states that only properly trained 
individuals may access CalGang. We describe these requirements in 
more detail in the Audit Results. 
CalGang policy also specifies the criteria that individuals must meet 
before user agencies can add them to CalGang. Before a CalGang 
user can add an individual to CalGang as a gang member, a trained 
law enforcement officer generally must affirm that the individual 
meets at least two gang membership criteria. As shown in Table 2, 
these criteria include admitting to gang membership, being affiliated 
with known gang members, and exhibiting gang clothing or behavior. 
As previously discussed, a user can also add an individual as a gang 
affiliate if a law enforcement officer suspects the individual is involved 
in criminal activity and he or she affiliates with a documented gang 
member. According to CalGang policy, users must have sufficient 
source documentation to support CalGang entries.
Table 2
The Frequency With Which Law Enforcement Agencies Used Criteria When 
Initially Entering Individuals Into CalGang
 CRITERIA  
(REASONS FOR ENTERING AN INDIVIDUAL INTO CALGANG)
FREQUENCY OF USE 
FOR INITIAL ENTRY
1.
Subject has admitted to being a gang member.
58%
2.
Subject has been seen associating with documented gang members.
44
3.
Subject is known to have gang tattoos.
43
4.
Subject has been seen frequenting gang areas.
30
5.
Subject has been seen wearing gang dress.
25
6.
In-custody classification interview.*
24
7.
Subject has been arrested for offenses consistent with usual gang activity.
11
8.
Subject has been seen displaying gang symbols and/or hand signs.
7
9.
Subject has been identified as a gang member by a reliable informant/source.
6
10.
Subject has been identified as a gang member by an untested informant.
1
Sources: 
Policy and Procedures for the CalGang System, California Gang Node Advisory Committee; 
and California State Auditor’s analysis of CalGang data obtained from the California Department of 
Justice as of November 23, 2015.
Admission of gang membership during a custody classification interview is the one exception to 
the two
-criteria requirement.
5
    According to Los Angeles, at the May 2016 committee meeting, the committee voted to remove 
the State guidelines from its requirements. However, as of July 28, 2016 the board had not voted 
on this recommendation. 
California State Auditor Report 2015-130
August 2016
16
Effective January 1, 2014, state law requires that if law enforcement 
agencies wish to enter juveniles—defined as individuals younger 
than 18 years of age—into a shared gang database such as CalGang, 
the user agencies must first notify the juveniles and their parents 
or guardians in writing. Because those who receive the letters 
have a right to contest the gang designation, this notification 
should explain the juveniles’ rights to contest the gang designation. 
However, if the user agencies determine that notifications will 
compromise active criminal investigations or the juveniles’ health 
or safety, they are not required to provide the notifications or 
supply information to juveniles or their parents or guardians. We 
address the law’s requirements in more detail in the Audit Results. 
Privacy Protections for Californians
Justice stated in the state guidelines that law enforcement agencies 
can collect criminal intelligence information for legitimate law 
enforcement purposes; the trade‑off, however, is that doing so 
potentially violates individuals’ privacy and other constitutional 
rights. The right to privacy is an implied constitutional right under 
the United States Constitution and an express constitutional right 
under the California Constitution. Therefore, both the federal 
regulations and the state guidelines establish certain standards for 
how law enforcement agencies may collect, maintain, and share 
criminal intelligence in a way that protects the privacy rights 
of the individuals in the intelligence files. Because the board 
and committee adopted requirements indicating that CalGang 
will comply with the federal regulations and state guidelines, 
these two bodies have a responsibility to develop processes 
to ensure CalGang operates according to those requirements. 
In addition, CalGang user agencies have a responsibility to 
thoroughly understand and follow the requirements.
Academics and citizen advocacy groups have expressed concerns 
about how collecting and storing criminal intelligence in a database 
such as CalGang can impinge on individuals’ rights. Many of 
these concerns relate to the discretion law enforcement agencies 
have in classifying groups of individuals as gangs and individuals 
as gang members. In particular, academic literature suggests that 
the broad criteria used to label gangs and gang members may 
make it difficult for youth living in gang‑heavy communities to 
avoid meeting the qualifying criteria and that gang labeling can 
stigmatize minority, inner‑city youth, limiting their social and 
economic opportunities. In addition, other critics have expressed 
concerns that collecting and disseminating criminal intelligence 
may infringe upon individuals’ constitutional rights, including the 
rights to free speech, to peaceably assemble, to protection from 
illegal search and seizure, and to equal protection under the law. 
17
California State Auditor Report 2015-130
August 2016
Ultimately, California’s law enforcement agencies must balance 
the need to protect individuals’ rights with the need to protect the 
public from crime caused by gangs. The law enforcement agencies 
can achieve this balance only through rigorous processes designed 
to ensure the information they maintain in CalGang is accurate and 
lawfully obtained. 
Scope and Methodology
The Joint Legislative Audit Committee (Audit Committee) 
directed the California State Auditor to conduct an audit to 
understand the State’s adherence to relevant laws related 
to protecting the rights of individuals for whom information 
is entered into and removed from CalGang. It also asked us to 
determine the extent to which agencies across the State use CalGang. 
Table 3 on the following pages lists the 15 objectives that the Audit 
Committee approved and the methods we used to address them.
Assessment of Data Reliability
In performing this audit, we obtained electronic data files extracted 
from CalGang as of November 23, 2015. The U.S. Government 
Accountability Office (GAO), whose standards we are statutorily 
required to follow, requires us to assess the sufficiency and 
appropriateness of computer‑processed information that we use 
to support our findings, conclusions, or recommendations. To 
accomplish this assessment, we performed data‑set verification and 
electronic testing of key data elements and identified significant 
issues. As we discuss in the Audit Results, we found many instances 
of questionable data entries related to individuals’ birthdates, 
criteria dates, purge dates, and individuals’ location information. 
We also conducted accuracy testing for a selection of 563 criteria 
entries pertaining to 100 individuals in the CalGang data and 
found that 23 percent were not adequately supported. Moreover, 
we identified concerns over the existing controls that safeguard 
CalGang information from inappropriate access and man‑made 
or natural disasters. 
Due to these deficiencies, we did not perform further testing of 
the CalGang data, such as completeness testing. Consequently, 
additional weaknesses may exist that we did not identify during 
our review. As a result of the pervasive deficiencies identified, we 
determined that the CalGang data are not sufficiently reliable. 
Although our determination may affect the precision of the numbers 
we present, sufficient evidence in total exists to support our audit 
findings, conclusions, and recommendations in this report.
18
California State Auditor Report 2015-130
August 2016
Table 3
Audit Objectives and the Methods Used to Address Them
AUDIT OBJECTIVE
METHOD
1
Review and evaluate the laws, rules, 
and regulations significant to the 
audit objectives.
We identified relevant federal regulations; state laws and guidelines; CalGang 
agreements; CalGang Executive Board (board) bylaws; the California Gang Node 
Advisory Committee (committee) bylaws; CalGang policies and procedures; and other 
background materials. 
2
Identify the number of gang database 
systems that exist in California and the 
extent to which they are used by agencies.
See 
Method
 related to Audit Objective 13.
3
Identify and evaluate the roles and 
responsibilities of the California Department 
of Justice (Justice), the committee, the 
board, and any other agencies involved in 
the management and oversight of CalGang, 
including the level of training provided to 
program administrators and operators 
to implement the CalGang program and 
ensure it complies with the law.
•    We reviewed relevant federal regulations, state guidelines, CalGang agreements, the board’s 
and the committee’s bylaws, and CalGang policies and procedures. 
•    We interviewed key officials with Justice, the board, the committee, and with the four law 
enforcement agencies we selected for review—Los Angeles Police Department (Los Angeles), 
Santa Ana Police Department (Santa Ana), Santa Clara County Sheriff ’s Office (Santa Clara), and 
Sonoma County Sheriff ’s Office (Sonoma).
•    In selecting the four law enforcement agencies, we considered the following factors: agency 
location, number of gang members and CalGang users based on the CalGang data set 
described in 
Method
 related to Audit Objective 4, and whether the agency responded to our 
survey. The survey is described further in 
Method
 related to Audit Objective 13.
•    We assessed CalGang’s oversight structure in relation to key requirements specified in the federal 
regulations and in other pertinent requirements.
•    We assessed whether the committee fulfilled its responsibilities related to training materials per 
the CalGang policies and procedures. 
•    We determined whether two node administrator agencies—Los Angeles and Sonoma—fulfilled 
their responsibilities related to training materials per the CalGang policies and procedures, 
including reviewing their training materials to determine whether the materials covered all 
required topics.
4
Assess whether and to what extent access 
to and the release of data in CalGang 
is tracked and monitored to ensure all 
applicable laws, regulations, and policies 
and procedures are consistently followed. 
To the extent possible, determine 
the following for the latest year such 
information is available: 
•    We reviewed relevant federal regulations, state guidelines, and CalGang policies and 
procedures. We interviewed key officials at Justice, the board, the committee, and the 
four law enforcement agencies we selected for review.
•    We reviewed requests for information Justice and the four law enforcement agencies 
received and responded to generally between January 1, 2011, and early March 2016, to 
determine whether they released CalGang data in accordance with applicable requirements. 
•    We obtained a filtered extract of data entered by California law enforcement entities into 
CalGang as of November 23, 2015. We conducted all of the analyses of the CalGang data we 
describe throughout this report using this limited data set.
•    We identified individuals in CalGang data whose birthdates indicated that they were under 
the age of 18 upon initial entry into the system. 
•    CalGang data does not track all juvenile notifications. For review purposes, we relied on 
the notifications each law enforcement agency we reviewed had in its files. Also, as part of 
our statewide survey, we asked law enforcement agencies to report the number of juvenile 
notifications they made between January 1, 2014, and October 31, 2015.
•    We calculated the average length of time individuals were in CalGang as of 
November 23, 2015.
a. 
The number of requests for information 
and the purpose of each request. 
b. 
The number of juveniles added to the 
system since January 1, 2014, and 
the number of related notifications 
made in accordance with Senate Bill 458 
(Chapter 797, Statutes 2013) (SB458).
c. 
The length of time each individual has 
been in CalGang.
19
California State Auditor Report 2015-130
August 2016
AUDIT OBJECTIVE
METHOD
5
For the most recent five years that data 
are available and to the extent possible, 
determine the following:
•    We calculated the number of individuals added to and removed from CalGang data annually 
from January 1, 2010, through November 23, 2015.
•    We reviewed relevant federal regulations, state guidelines, and CalGang policies and 
procedures. We determined that no requirements pertaining to notifying adults added to or 
removed from CalGang currently exist.
•    We analyzed available demographics for individuals in the CalGang data.
•    We reviewed policy and procedures as available from the four law enforcement agencies as 
well as other pertinent documents.
•    We interviewed key officials at the four law enforcement agencies and determined that 
those agencies generally do not track or keep records of adult or juvenile requests for 
removal from the CalGang system. Also, as part of our statewide survey, we asked law 
enforcement agencies to report the number of requests for removal they received and the 
outcome of each. 
•    We analyzed the frequency of the criterion used by law enforcement agencies to initially 
enter individuals into CalGang.
a.    The number of people added 
to and removed from CalGang by year 
and whether they were notified of 
such action. 
b. 
Demographics of individuals in CalGang, 
including age, gender, race, ethnicity, 
and geographic location. 
c. 
Number of requests for removal from 
CalGang received and the outcome 
of each. 
d. 
Number of juvenile appeals for removal 
received and the outcome of each.
e.    The criteria used for adding each individual 
to the system during this period.
6
Determine whether individuals are 
removed from CalGang consistent with any 
guidelines established in law, regulations, 
and policies.
•    We reviewed the relevant federal regulations, state guidelines, CalGang policies and 
procedures, and policies and procedures of the law enforcement agencies, as well as other 
pertinent documents.
•    We interviewed key officials at the four law enforcement agencies.
•    We assessed whether CalGang automatically removes individuals from CalGang after 
five years if individuals do not meet additional entry criteria. 
7
Review and assess any evaluations of 
CalGang that have been conducted to 
determine its effectiveness in achieving its 
intended purpose. 
•    We reviewed the relevant federal regulations, state guidelines, CalGang policies and 
procedures, and committee meeting minutes. 
•    We interviewed key officials at Justice, the board, the committee, and the four local law 
enforcement agencies we selected for review and other key local officials.
•    We performed web searches to determine whether CalGang studies, reviews, evaluations, or 
audits have been performed and reported. 
•    We assessed committee audits and the committee’s audit processes to determine whether 
the audits were effective. 
•    We reviewed committee meeting minutes to determine what information node 
administrators reported and documented, including audit findings and how those findings 
were resolved. 
8
Determine the annual cost of CalGang and 
identify the major categories of expenditure.
•    We interviewed key officials at Justice.
•    We reviewed CalGang contracts and project cost documentation for fiscal years 2012–13 
through 2014–15.
•    As part of our statewide survey, we asked law enforcement agencies to report their costs for 
administering and using CalGang.
9
Determine whether policies and procedures 
exist to prevent, detect, and address 
possible conflicts of interest specific to 
contracting and spending related to the 
administration of CalGang.
•    We reviewed the relevant federal regulations, state guidelines, CalGang policies and 
procedures, and the 
State Contracting Manual
. We also reviewed Justice’s purchasing 
authority and pertinent documentation it maintained related to its contract with CSRA 
International, Inc.
•    We determined that Justice’s contract with CSRA International is low risk and that the 
contract itself is over twenty years old.
continued on next page . . .
20
California State Auditor Report 2015-130
August 2016
AUDIT OBJECTIVE
METHOD
10
At a selection of law enforcement agencies, 
evaluate law enforcement’s compliance with 
relevant laws and policies governing gang 
database systems.
•    We reviewed the relevant federal regulations, state guidelines, and CalGang policies and 
procedures, and other pertinent documents. 
•    We interviewed key officials with the four selected law enforcement agencies.
•    At the law enforcement agencies we selected for review, we assessed their compliance with 
selected administrative safeguards outlined in federal regulations, the state guidelines, and 
other pertinent requirements. 
•    At Sonoma, Los Angeles, and the node administrators for Santa Clara and Santa Ana—
the San Jose Police Department and the Orange County District Attorney’s Office 
respectively—we reviewed compliance with selected technical and physical safeguards 
outlined in federal regulations.
•    At the four law enforcement agencies, we reviewed a selection of gangs to determine 
whether they met gang criteria when law enforcement entered them into CalGang 
and whether they currently meet gang criteria. 
11
At a selection of local law enforcement 
agencies and for the most recent five years, 
identify the criteria being used to designate 
a person as a gang member for inclusion 
in CalGang and determine if the criteria 
align with the intended purpose of CalGang 
and with the definition of gang or gang 
member codified in Section 186.22 of 
the California Penal Code. To the extent 
possible, determine how frequently each 
criterion has been used to identify someone 
as a gang member.
•    We reviewed the relevant federal regulations, state law, state guidelines, CalGang policies 
and procedures, and policies and procedures of the law enforcement agencies, as well as 
other pertinent documents. 
•    We interviewed key officials with the four selected law enforcement agencies and reviewed 
pertinent documents to determine what criteria the agencies use for designating individuals 
as gang members. 
•    We assessed whether CalGang criteria the four local law enforcement agencies use align 
with CalGang’s purpose and with the definition of “criminal street gang.” We determined the 
four local law enforcement agencies are not using additional criteria to enter individuals 
into CalGang.
•    We analyzed the frequency of the criteria used by law enforcement agencies to initially enter 
individuals into CalGang.
12
Determine how those with oversight 
responsibility ensure the following:
•    We interviewed key officials with Justice, the board, and the committee.
•    We reviewed the relevant federal regulations, state law, state guidelines, CalGang policies 
and procedures, and board and committee meeting minutes.
•    We evaluated CalGang’s oversight structure against common characteristics of 
government programs. 
•    We assessed committee audits and the committee’s audit processes to determine whether 
the audits were effective. 
•    We reviewed committee meeting minutes to determine what information node 
administrators reported and documented, including audit findings and how those findings 
were resolved.
a. 
CalGang operates in compliance with all 
relevant laws, regulations, and policies 
and procedures.
b. 
The information included in CalGang is 
current, accurate, and reliable.
21
California State Auditor Report 2015-130
August 2016
AUDIT OBJECTIVE
METHOD
13
Survey local law enforcement agencies 
and visit selected local law enforcement 
agencies to determine the following: 
•    We surveyed 329 local and state law enforcement agencies, including county sheriff ’s offices, 
city police departments, school district police departments, and selected state agencies. 
Appendix A on page 61 further describes how we selected agencies to survey. 
•    The survey questions covered topics such as the extent of the agencies’ use of CalGang; their 
training; their processes for adult and juvenile entry, notification, and removal from CalGang; 
their information requests; and their use of other shared gang databases. 
•    We performed related analyses, including items a through d for this objective.
•    The survey responses were self-reported, and, except as noted, we did not verify the 
accuracy of the responses. We clarified survey responses agencies provided about shared 
gang databases and information requests related to employment.
a. 
Whether the law enforcement employees 
who use CalGang are adequately trained 
to implement the program and ensure 
full compliance with the law. 
b. 
Whether the policies and procedures 
local law enforcement agencies have 
put in place are adequate for ensuring 
compliance with SB 458 and other 
applicable laws.
c. 
How many requests for removal from 
CalGang have been submitted over the 
past five years and the outcomes of 
these requests.
d. 
How many juvenile appeals have been 
made since the approval of SB458 and 
how many names have been removed 
through this appeal process.
14
To the extent possible, evaluate the 
accuracy and completeness of the CalGang 
data, as well as the types of documentation 
maintained to support information entered 
into CalGang.
We selected 100 individuals (25 from each of the local law enforcement agencies we reviewed) 
recorded in CalGang and evaluated the accuracy of criteria entries by analyzing supporting 
documentation. As we discuss in the Assessment of Data Reliability on page 17, we did not test 
the completeness of CalGang.
15
Review and assess any other issues that are 
significant to the audit.
We did not identify any other issues that were significant to the audit. 
Sources: 
California State Auditor’s analysis of Joint Legislative Audit Committee audit request number 2015-130, and information and documentation 
identified in the Table column titled 
Method
Audit Results
Due to an Inadequate Leadership Structure, CalGang Has Failed to 
Comply With Requirements Designed to Protect Individuals’ Rights 
to Privacy
The California Department of Justice (Justice) funds CalGang. 
However, two bodies composed of law enforcement officials—the 
CalGang Executive Board (board) and its technical subcommittee, 
the California Gang Node Advisory Committee (committee)—are 
responsible for overseeing the CalGang database. These bodies 
operate free from the typical safeguards that are the foundation 
of government programs. When the board and the committee 
voluntarily adopted federal and state criminal intelligence 
requirements, they expressed a commitment to protect individuals’ 
privacy rights and maintain a high‑quality tool for law enforcement 
to use to suppress and solve gang crime. However, these entities 
lack the organizational structure and processes necessary to 
ensure that CalGang achieves these objectives. 
Since state funding supports CalGang and law enforcement 
agencies statewide use it, we expected to find in place a state 
law establishing the powers, legal authority, and responsibilities 
that would ensure CalGang’s leadership structure and processes 
reflect the characteristics common to public programs. However, 
CalGang was not created in statute, and Justice is not statutorily 
required to oversee it. Thus, the board and the committee have 
assumed responsibility for managing and overseeing CalGang 
and its user agencies. Because of the value of CalGang to local 
law enforcement agencies, Justice voluntarily funds it and 
provides technical support as needed. Nonetheless, Justice’s 
involvement with those bodies is inconsistent despite holding a 
voting seat on both the board and the committee. For example, 
since 2010 Justice has not been represented at one‑third of 
the board’s meetings. We asked Justice about its not attending 
certain board meetings, and Justice officials explained that it found 
limited value in attending these meetings because board members 
viewed Justice’s role narrowly and as limited to providing technical 
support and funding for CalGang. Justice’s views on policy and 
governance were not given meaningful consideration by the board 
or the committee. Although Justice could have refused to renew 
the CalGang maintenance contract, this was not viewed as a viable 
option because it would likely have caused the program to shut down. 
Justice told us that it did not at that time have any other leverage 
over CalGang to ensure that its input was given any weight.
The board and the committee act without statutory authority, 
transparency, or meaningful opportunities for public engagement. 
Table 4 summarizes the characteristics common to government 
24
California State Auditor Report 2015-130
August 2016
agencies and demonstrates the degree to which CalGang operates 
outside of those characteristics. Government agencies exhibit these 
characteristics as a means to gain the public’s trust and to engage 
the public in their decision‑making processes. Because CalGang’s 
oversight entities operate outside these parameters, their decisions 
lack transparency and public input. Specifically, the board and the 
committee do not conduct open meetings: They do not provide 
public notice of their meetings, post agendas and minutes, or 
accept public testimony. Thus, they limit the opportunity for public 
understanding and input. For example, Justice posted some of the 
board meetings’ minutes and agendas on its website, but the most 
recent document is dated May 2014—more than two years ago, 
despite there being more recent meetings. 
Table 4
Common Characteristics of Government Entities Compared to CalGang’s Current Framework
COMMON CHARACTERISTICS OF GOVERNMENT ENTITIES
CALGANG’S FRAMEWORK
SCORECARD
Statutorily defined authority and responsibilities.
No responsibilities or authority defined in state law; CalGang is subject 
only to rules the CalGang Executive Board (board) and the California Gang 
Node Advisory Committee (committee) have adopted and established. 
5
Transparency and opportunities for public participation.
Limited transparency and opportunities for public participation.
s
Direct reporting to a government agency or department 
that has policy, operations, and administrative oversight. 
Limited oversight of policies and operations. State government is a 
participant with no decision-making authority. 
s
Public input through elections, through an elected body, 
or through the composition of governing bodies. 
The board and the committee determine their own membership 
and leadership.
5
Accountability established by clearly defining the roles 
of oversight entities. 
Individuals serve in multiple roles, creating situations in which they 
oversee themselves. 
5
Independently audited.
Not audited by an external, independent body. User agencies evaluate 
their own records.
5
Specified revenue sources and, if appropriate, the ability 
to collect fees.
No designated revenue source and no authority to collect fees from 
user agencies. 
5
Legal representation. 
No legal representation.
5
Sources: 
California State Auditor’s analysis of documentation from the Institute of Internal Auditors’ 
Public Sector Definition
, excerpts from 
Strategic 
Planning for Public and Nonprofit Organizations
 by John Bryson, excerpts from 
Understanding and Managing Public Organizations
 by Hal Rainey, and 
analysis of the board’s and the committee’s bylaws and minutes and the committee’s policies and procedures. 
5
 = CalGang’s framework does not meet this common characteristic of government entities. 
s
 = CalGang’s framework only partially meets this common characteristic of government entities.
In addition, CalGang’s leadership structure does not provide 
adequate accountability or oversight. Because the board and 
the committee determine which law enforcement agencies (also 
referred to as 
user agencies
) will be node administrator agencies, 
they control the composition of their own membership: Once 
the board approves a law enforcement agency to be a node 
administrator agency, that agency designates individuals to sit 
25
California State Auditor Report 2015-130
August 2016
on the board and the committee. Moreover, the members of the 
board and the committee elect their own leadership. Thus, no 
opportunities exist for public input through elections or elected 
bodies. Accountability is further compromised because individuals 
can serve many roles within the CalGang framework. Table 5 
outlines selected responsibilities of these bodies and illustrates 
how individuals can serve in multiple oversight roles. For example, 
in the Sonoma County Sheriff ’s Office (Sonoma), the sergeant 
who serves on the committee also acts as a node administrator 
and as a CalGang user. In fact, the sergeant stated that he enters 
approximately 95 percent of CalGang records for his agency, 
yet this same sergeant is also responsible for conducting any 
audits of CalGang records for the region because he is the node 
administrator. The sergeant’s conflicting roles highlight the current 
weaknesses in CalGang’s oversight framework. 
Table 5
Selected Responsibilities of CalGang Oversight Entities and User Agencies
COMPOSITION
RESPONSIBILITIES
CalGang Executive 
Board (board)
The chief executive or his or her designee from each 
of the following: the 11 node administrator agencies, 
the California Department of Justice, the California 
District Attorneys Association, and the California State 
Sheriff ’s Association. 
•    Pro
vide oversight and policy direction.
• 
Approve the creation or abolition of a node.
•    Elec
t a chairperson annually.
California Gang Node 
Advisory Committee 
(committee)
Full-time law enforcement officers or support staff 
designated by node administrator agencies, usually 
the node administrators.
• 
Oversee the operations of law enforcement agencies 
(user agencies).
• 
Evaluate requests from agencies interested in becoming nodes.
• 
Elect a chairperson, vice chairperson, and sergeant of arms 
every other year.
Node administrator 
agencies
Designated node administrator. 
• 
Ensure that all users in the node adhere to committee policies.
• 
Conduct triannual audits.
• 
Examine gangs before they are added to CalGang.
User agencies
Law enforcement or support staff who enter 
CalGang data.
• 
Comply with committee policies.
• 
Ensure data are legal, relevant, accurate, timely, and complete.
Sources: 
Board and committee bylaws, committee policies, and interviews with the committee chair. 
Although the board and committee voluntarily committed to 
adhere to Title 28, Code of Federal Regulations, Part 23 (federal 
regulations), which establishes requirements to ensure the privacy 
of those whose data is maintained in criminal intelligence systems 
such as CalGang, their protocols for implementing the federal 
regulations allude to stronger oversight than the entities actually 
provide. Specifically, the federal regulations—which are viewed 
as the national standard for protecting and handling criminal 
intelligence systems—require rules and processes that implement 
administrative, technical, and physical safeguards to protect 
26
California State Auditor Report 2015-130
August 2016
criminal intelligence data and individuals’ rights. On the surface, 
the committee’s policies and procedures (CalGang policy) appear 
to address some of these requirements. However, the board 
and the committee have not implemented or followed all of the 
necessary processes, as summarized in Table 6. For example, federal 
regulations require audits and inspections to ensure that the user 
agencies have necessary processes in place to make key decisions, 
such as determining that reasonable suspicion exists to support 
CalGang entries. However, as we discuss later, we found that the 
committee’s audits are neither independent nor robust and that 
CalGang policy does not include a provision for on‑site inspections 
of records or facilities. 
Table 6
CalGang’s Oversight Entities’ Adherence to Federal Regulations for Protecting Criminal Intelligence
SELECTED REQUIREMENTS UNDER TITLE 28, 
CODE OF FEDERAL REGULATIONS, PART 23
CALGANG’
S IMPLEMENTATION
SCORECARD
Administrative Safeguards
Audit and inspect properly trained participating agencies to 
ensure that reasonable suspicion exists and that users are 
following federal, state, and local laws. 
Audits do not adequately review the establishment of reasonable 
suspicion or compliance with laws. CalGang’s oversight entities do 
not perform on-site inspections. 
5
Adopt procedures to ensure that all information retained in 
the database has relevancy and importance.
Procedures do not exist. 
5
Develop rules to implement authority to remove personnel 
authorized to access the system.
CalGang’s oversight entities have adopted rules to sanction users. 
Technical Safeguards
Store information in a manner such that it cannot be accessed 
without authorization.
At the time of our review, the four nodes lacked policies or 
procedures for ensuring that user accounts are disabled when 
employees transfer or separate from employment.* 
5
Physical Safeguards
Restrict access to its facilities. 
The four nodes we reviewed stored the servers containing CalGang 
information in locked buildings with limited physical access.
Institute procedures to protect criminal intelligence 
information from fire, flood, or other disasters. 
CalGang information is regularly backed up to protect from 
data loss.
Sources: 
California State Auditor’s analysis of Title 28, Code of Federal Regulations, Section 23; CalGang’s administrative, technical, and physical 
oversight processes; and the California Gang Node Advisory Committee’s policies and procedures.
= No significant issues identified.
5
 = Did not adhere to requirements. 
We visited four law enforcement agencies—the Sonoma County Sheriff ’s Office (Sonoma), the Santa Clara County Sheriff ’s Office (Santa Clara), 
the Los Angeles Police Department (Los Angeles), and the Santa Ana Police Department (Santa Ana). Two of these agencies—Sonoma and 
Los Angeles—are node administrator agencies. The other two agencies—Santa Ana and Santa Clara—are part of the nodes overseen by the 
Orange County District Attorney’s Office and the San Jose Police Department, respectively.
   Although we did not identify any significant issues related to protecting criminal intelligence information from fire, flood, or other disasters, the 
nodes we visited did not have adequate plans for restoring the information following a disaster.
   Subsequent to our review, Santa Ana’s node administrator provided us with a new procedure for evaluating the validity of its node’s CalGang 
user accounts.
27
California State Auditor Report 2015-130
August 2016
Moreover, as Table 6 shows, we have concerns about the user 
agencies’ compliance with federal regulations related to safeguarding 
CalGang information from unauthorized access. At the node 
administrator agencies for each of the four law enforcement agencies 
that we reviewed—Sonoma, the Santa Clara County Sheriff ’s Office 
(Santa Clara), the Los Angeles Police Department (Los Angeles), 
and the Santa Ana Police Department (Santa Ana)—we attempted 
to review the policies and procedures for removing or modifying 
employee CalGang user accounts when the employees transfer or 
separate from employment.
6
 However, none of the node administrator 
agencies had such policies or procedures at the time of our review. 
We found 65 active user accounts across Santa Clara, Los Angeles, 
and Sonoma for individuals who no longer worked for the agencies. 
Two of these accounts may have been vulnerable to inappropriate 
access for more than 11 years following the employees’ departures. 
Subsequent to our review, Santa Ana’s node administrator provided us 
with a new procedure for evaluating the validity of its node’s CalGang 
user accounts.
In addition, although each of the node administrator agencies 
we reviewed asserted that they protect their data against loss 
by implementing practices such as performing regular backups 
of data as federal regulations require, we found that none of the 
node administrator agencies have fully documented plans for 
restoring CalGang information after a man‑made or natural 
disaster. Specifically, neither Santa Ana’s node administrator agency 
nor Los Angeles has a contingency plan in place for restoring 
CalGang information after a loss of this nature. In contrast, 
the node administrators for Sonoma and Santa Clara provided 
written agreements with service providers for restoring CalGang 
information after a man‑made or natural disaster. However, these 
service agreements did not specify how quickly the information 
would need to be restored in order to minimize the impact of the 
interruption. Industry best practices state that organizations should 
develop contingency plans that identify maximum acceptable time 
frames during which critical business applications can be inoperable. 
Without sufficient planning, the node administrator agencies risk 
losing the capability to process and retrieve CalGang information, 
which could significantly affect user agencies’ timely access to 
gang‑related intelligence information. 
Ultimately, the board and the committee have not effectively 
communicated the federal regulations and state guidelines to user 
agencies. CalGang’s policies state that CalGang will comply with 
federal regulations and Justice’s 
Model Standards and Procedures 
6
    Two of the law enforcement agencies that we reviewed—Sonoma and Los Angeles—are node 
administrator agencies. The other two agencies—Santa Ana and Santa Clara—are parts of 
the nodes overseen by the Orange County District Attorney’s Office and the San Jose Police 
Department, respectively, which both function as node administrator agencies.
We have concerns about how law 
enforcement agencies safeguard 
CalGang information from 
unauthorized access. We found 
65 active user accounts for former 
employees; two accounts were left 
open for more than 11 years.
California State Auditor Report 2015-130
August 2016
28
for Maintaining Criminal Intelligence Files and Criminal Intelligence 
Operational Activities
, November 2007 (state guidelines). The state 
guidelines provide similar safeguards as the federal regulations but 
in certain areas are more restrictive. We expected that CalGang 
policy or the agreements that user agencies and their respective node 
administrator agencies sign would provide direction on implementing 
the requirements for safeguarding data and ensuring they are reliable. 
However, CalGang policy does not contain such guidance, and the user 
agreements do not reference the specific requirements—in fact, the 
agreements are very broad and simply state that user agencies must 
comply with all applicable laws, rules, and regulations. Consequently, 
the four law enforcement agencies we reviewed did not understand 
these requirements. For example, the sergeant at Santa Clara who is 
solely responsible for determining whether individuals meet the criteria 
for entry into CalGang stated that he was not familiar with the state 
guidelines. As we discuss later, we found that the four agencies had not 
implemented many of the processes the state guidelines require. The 
remainder of this report explores the many examples of broken and 
fragmented processes we identified related to CalGang and how these 
processes weaken the database and create opportunities for violations of 
individuals’ rights. 
Law Enforcement Agencies Could Not Always Demonstrate That They 
Had Established Reasonable Suspicion That Groups Were Gangs Before 
Entering Them Into CalGang
Although CalGang policy requires that all user agencies maintain 
sufficient source documentation to support their CalGang entries, 
we found that the law enforcement agencies we reviewed were unable 
to demonstrate that many of the groups they entered into CalGang met 
the criteria necessary for identification as gangs. The federal regulations 
and the state guidelines require that law enforcement agencies analyze 
legally obtained information to establish reasonable suspicion of 
organizations’ criminal activity before adding those organizations to 
criminal intelligence databases. To establish reasonable suspicion for 
entry into CalGang, the committee requires that law enforcement 
agencies ensure that groups meet the definition of a 
gang
 in CalGang 
policy. Figure 3 illustrates in part the criteria a group of three individuals 
must meet to be considered a gang. These criteria are important 
because after entering a gang into CalGang, a user agency may add 
individuals to that gang as gang members.
7
 An individual’s right to 
privacy is jeopardized if a law enforcement agency justifies collecting 
personal information about that individual by stating that he or she is a 
gang member when the agency has not yet established that such a gang 
exists through a documented pattern of criminal activity.
7
    Throughout this report, we use the term 
gang member
 to refer to both gang members and gang 
affiliates unless specifically stated otherwise.
California State Auditor Report 2015-130
August 2016
30
We reviewed a total of nine gangs that Sonoma, Santa Ana, and 
Los Angeles had entered into CalGang to determine whether 
the user agencies had appropriately established reasonable 
suspicion according to the criteria in CalGang policy when the law 
enforcement agency entered them.
8
 We identified problems with 
Sonoma’s and Santa Ana’s processes for adding new gangs. We 
expected that these two agencies would be able to direct us to the 
records they analyzed to determine that the group of three or more 
individuals had a common sign, symbol, or name and demonstrated 
a pattern of criminal gang activity, as depicted in Figure 3. However, 
we found that Sonoma and Santa Ana generally relied on summary 
statements agency staff provided on forms or in emails that 
described how groups met the reasonable suspicion requirements 
for CalGang entry. Although through subsequent follow up we 
found that these groups 
currently
 meet the definition of a gang, 
neither agency was able to demonstrate which individuals—at 
the time of the groups’ initial entry into CalGang—supported the 
agencies’ conclusions that the groups met the necessary criteria. 
Therefore, neither agency could prove that it performed the analysis 
required to establish reasonable suspicion. In contrast, we found 
that Los Angeles could support the gang we reviewed. Specifically, 
before Los Angeles added the gang into CalGang, it supported that 
reasonable suspicion existed by maintaining a list of individuals and 
their associated arrests, which together established gang criteria.
Sonoma’s process for adding new gangs to CalGang is of particular 
concern to us. The sergeant acting as Sonoma’s node administrator 
is responsible for adding gangs for the 30 counties that make up 
the Sonoma node, yet he does not collect or analyze the source 
documents that support his gang entries. Moreover, he destroys 
the summary documentation the agencies within those counties 
provide after transferring the information into CalGang. Therefore, 
the sergeant could not provide supporting documentation for 
any of the four gangs we examined from Sonoma. This approach 
increases the risk that he will add groups to CalGang even when 
user agencies have not established reasonable suspicion according 
to CalGang policy. Once a gang is added to CalGang, all user 
agencies in the node, which encompasses Northern California, are 
free to collect and share information about individuals they believe 
are gang members, potentially violating those individuals’ rights. 
Additionally, the committee has not ensured that user agencies 
periodically assess gangs to determine whether they continue 
to meet the criteria in CalGang policy. The minutes from board 
and committee meetings show that nodes periodically query 
8
    Santa Clara does not add gangs to CalGang; rather, it links suspected gang members to gangs 
already existing in the database. Consequently, it did not have a process for us to review.
Sonoma’s node administrator adds 
gangs for 30 other counties, yet 
he does not collect or analyze the 
source documents that support his 
gang entries.
31
California State Auditor Report 2015-130
August 2016
CalGang data to identify and remove gangs with fewer than 
three members. However, this type of limited review does not 
confirm that reasonable suspicion continues to exist for larger gangs, 
creating the risk that CalGang contains information on individuals 
who are alleged members of groups that no longer meet the gang 
criteria. Guidance provided by the Institute for Intergovernmental 
Research—the criminal intelligence training vendor with which 
the federal government contracts—indicates that law enforcement 
agencies should periodically validate that reasonable suspicion 
exists for a gang within a specified time frame, called a retention 
period. According to this guidance, the gang and its members should 
generally be purged at the end of this retention period. However, no 
retention period for gangs exists in CalGang if reasonable suspicion 
can no longer be validated. 
As a result, Los Angeles had no information since 2008 in its gang 
history records demonstrating that one gang had engaged in a 
pattern of criminal activity. To determine whether Los Angeles had 
simply neglected to update its history for this gang, we analyzed 
CalGang records for its members between 2010 and 2015 and 
found Los Angeles’ officers documented only one arrest for offenses 
consistent with gang activity. However, we determined through a 
review of that individual’s criminal history records that he was not 
arrested on the date documented in CalGang. As a result, based on our 
review, Los Angeles no longer had sufficient reasonable suspicion in 
its gang records or in CalGang to continue to categorize this group as 
a gang and the node administrator would not have reviewed the gang 
until its membership in CalGang fell below three members. 
After we brought this problem to the attention of Los Angeles, its 
node administrator researched the gang’s members and provided us 
with records of arrests of gang members that law enforcement officers 
did not include in the gang’s history or accurately enter into CalGang. 
Although some of the offenses Los Angeles directed us to are consistent 
with gang activity, we question why Los Angeles failed to enter this 
information into CalGang and update its internal gang history. This 
example demonstrates why it is important for CalGang user agencies 
to establish a retention period and periodically assess whether a gang 
continues to meet reasonable suspicion requirements in order to ensure 
system accuracy and the protection of individuals’ rights. 
Law Enforcement Agencies Do Not Have Adequate Support for Some of 
the Individuals and Many of the Criteria They Entered Into CalGang
When law enforcement agencies cannot provide adequate support 
for the inclusion of individuals in CalGang, documenting those 
individuals’ whereabouts, appearance, and associates in a shared 
database could constitute or lead to a violation of their privacy or 
It is important for CalGang user 
agencies to establish a retention 
period and periodically assess 
whether a gang continues to meet 
reasonable suspicion requirements 
in order to ensure system 
accuracy and the protection of 
individuals’ rights.
32
California State Auditor Report 2015-130
August 2016
other constitutional rights. Further, the inclusion of inaccurate or 
unsupported information in CalGang reduces the system’s value 
to law enforcement agencies. Nonetheless, when we reviewed a 
selection of 100 people included in CalGang, we found that law 
enforcement agencies did not have adequate support for inclusion of 
13 of these individuals. Additionally, because user agencies can identify 
numerous reasons, or criteria, for entering or retaining individuals in 
CalGang, we reviewed more than 500 items of criteria associated with 
these 100 individuals and found that the user agencies lacked adequate 
supporting documentation, such as field notes or arrest report 
narratives, for 23 percent of the criteria. 
CalGang policy requires, with one exception, that a user agency 
identify two documented criteria for initially entering a person into 
CalGang.
9
 For the individual to remain in CalGang longer than 
five years from the date of original entry, a user agency must enter 
subsequent criteria, which will reset the five‑year period from that 
date. User agencies generally enter criteria when they have additional 
contacts with the individuals. Because user agencies may have 
entered numerous criteria for some individuals, those individuals’ 
inclusion in CalGang may be justifiable even if some of these 
criteria are unsupported. As shown in Table 7, we found that 131 of 
the 563 (23 percent) items of criteria we reviewed lacked support. 
Ultimately, this led us to conclude that law enforcement agencies 
did not have adequate support for inclusion in CalGang for 13 of the 
100 individuals we reviewed.
Table 7
Four Law Enforcement Agencies’ Support for a Selection of 100 Individuals in CalGang
LAW ENFORCEMENT AGENCY 
INDIVIDUALS
GANG CRITERIA
NUMBER 
REVIEWED
NUMBER 
ADEQUATELY 
SUPPORTED
NUMBER NOT 
ADEQUATELY 
SUPPORTED
NUMBER 
REVIEWED
NUMBER 
ADEQUATELY 
SUPPORTED
NUMBER NOT 
ADEQUATELY 
SUPPORTED
Los Angeles Police Department
25
23
2
213
165
48
Santa Ana Police Department
25
22
3
104
89
15
Santa Clara County Sheriff ’s Office and 
the San Jose Police Department*
25
24
1
127
107
20
Sonoma County Sheriff ’s Office
25
18
7
119
71
48
Totals
100
87
13
563
432
131
Source: 
California State Auditor’s review of four law enforcement agencies’ support for 100 people included in CalGang.
The San Jose Police Department is responsible for the majority of the entries we reviewed and the criteria we found to not be adequately supported.
   Other agencies in the Sonoma County node—excluding Sonoma County Sheriff ’s Office—were responsible for nearly half of the criteria we found to 
not be adequately supported. 
9
    The only exception to the two
-criteria requirement is when an individual admits to his or her gang 
membership during an in-
custody classification interview for jail or prison housing.
33
California State Auditor Report 2015-130
August 2016
As indicated in Table 8, 31 of the unsupported criteria related to 
the criterion “subject has admitted to being a gang member,” while 
three related to “in‑custody classification interview,” which are 
admissions of gang membership when individuals are brought 
into custody and will be confined with other individuals. In these 
instances, we found that the source documents either contained 
no record of gang membership admissions or, in some instances, 
indicated that the individuals said they were not—or not currently—
gang members. For example, Sonoma justified entering a person into 
CalGang in part because he supposedly admitted to being a gang 
member during a custody classification interview at the county jail. 
However, when we obtained a record of this interview, we found that 
the person said he was not currently a member of the gang to which 
he was later connected in CalGang. In fact, he specifically requested 
to not be housed with this gang. The only criterion for this individual’s 
inclusion in CalGang for which we found support was that he had 
been seen associating with documented gang members. However, 
even that circumstance consisted of no more than an officer’s 
observation that the individual was in the garage of a residence that 
a documented gang member had left. Given that Sonoma did not 
have adequate support for any other criteria for this individual, we 
concluded that his inclusion in CalGang was inappropriate.
Table 8
Number and Types of CalGang Criteria Entries That Lacked Adequate Support
CRITERIA 
NUMBER OF 
CRITERIA NOT SUPPORTED
NUMBER OF 
CRITERIA REVIEWED
Subject has admitted to being a gang member.
31
136
Subject has been arrested for offenses consistent with usual gang activity.
29
70
Subject has been seen associating with documented gang members.
28
98
Subject is known to have gang tattoos.
16
104
Subject has been identified as a gang member by a reliable informant/source.
8
11
Subject has been seen wearing gang dress.
7
33
Subject has been seen frequenting gang areas.
6
63
Subject has been seen displaying gang symbols and/or hand signs.
3
12
In-custody classification interview.
3
35
Subject has been identified as a gang member by an untested informant.
0
1
Totals
131
563
Source: 
California State Auditor’s review of four law enforcement agencies’ support for 100 people included in CalGang, as listed in Table 7 on page 32.
When we asked about these admission‑related entries that did not 
match source documents, representatives of the law enforcement 
agencies often agreed that the criteria were not accurate and even 
purged the information from CalGang. At times they explained that 
34
California State Auditor Report 2015-130
August 2016
they could have used other field observations they did not record in 
CalGang but that were present in the source documents to justify 
the individuals’ inclusion in CalGang. However, admitting that they 
could or should have entered other criteria into CalGang does not 
negate the fact that the system inaccurately reflects individuals’ 
statements regarding gang membership. For CalGang to be 
useful to law enforcement personnel, it should be both complete 
and accurate. 
We also found 29 instances in which user agencies 
were unable to support the criterion “subject has 
been arrested for offenses consistent with usual 
gang activity.” In fact, in nine of these instances, we 
could not find that the person had been arrested 
for any offense—despite the use of this criterion to 
justify putting the individual in CalGang. For the 
remaining 20 entries, we found that the 
individuals had been arrested for common crimes 
that did not necessarily have any connection to 
gang activity, such as probation violations and drug 
possession. Although the committee established 
the 10 criteria listed in Table 8 on page 33, it did 
not implement any policies or procedures further 
describing what offenses are consistent with gang 
activity. However, the Penal Code contains a list of 
offenses that can be used to determine that a group 
is a criminal street gang for the purpose of 
prosecuting its members, a selection of which are 
listed in the text box. Absent any further definition 
from the committee or from the user agencies we 
reviewed, we used the Penal Code’s categories as a 
benchmark for whether individuals’ offenses were, 
in fact, consistent with gang activity.
In response to our concern regarding the offenses law enforcement 
agencies used for this criterion, Santa Ana agreed to remove 
one criteria entry related to loitering and two related to drug 
possession. Conversely, the node administrator in Sonoma stated 
that we misunderstood the concept of “subjective reasonable 
suspicion” and maintained that some of the offenses we were 
questioning—violating probation and resisting arrest—are common 
among gang members. When we questioned a criteria entry 
because the associated offense was the prohibited possession 
of ammunition, which the Penal Code does not identify as a 
gang‑related offense, the Sonoma node administrator responded 
that “possession of ammunition by a gang member is a gang crime.” 
The problem presented by both of these responses is that they 
presuppose that the individuals in question are gang members and 
therefore the offenses for which they were arrested are gang crimes. 
Selection of Offenses Used to Establish  
a Pattern of Criminal Gang Activity
• 
Assault with deadly weapon.
• 
Robbery, burglary, and carjacking.
• 
Homicide and manslaughter.
• 
Sale, or possession for sale, of a controlled substance.
• 
Shooting at an inhabited dwelling or occupied 
motor vehicle.
•    Arson.
• 
Rape, torture, and kidnapping.
• 
Money laundering and counterfeiting.
• 
Intimidation of witnesses and victims.
• 
Prohibited possession of firearm.
• 
Felony vandalism. 
Source: 
Penal Code 186.22, Section (e).
35
California State Auditor Report 2015-130
August 2016
In our view, offenses need to be indicative of gang activity for user 
agencies to justify including individuals in CalGang. Although we 
understand law enforcement officers must exercise judgment in 
making certain criteria determinations, the results of our testing 
suggest that the exercise of this judgment needs to be informed by 
specific regulations.
The user agencies were also frequently unable to support the 
criterion “subject has been seen associating with documented gang 
members.” Specifically, we found 28 criteria entries in which the law 
enforcement agencies did not document that the people with whom 
the individuals in question were associating were gang members. In 
fact, at times we found no record of anyone else even being present 
during the events leading to the particular field observations. 
In regard to the other unsupported criteria listed in Table 8 on 
page 33, we did not question the validity of the law enforcement 
officers’ field observations but rather only identified criteria as 
unsupported if the source documents lacked such observations 
altogether.
10
 For example, if the law enforcement officers indicated 
in source documents that geographical locations, tattoos, 
symbols, or manner of dress were gang‑related, we accepted these 
statements. However, we identified criteria entries as unsupported 
if no such statements were present. For example, Los Angeles used 
the criterion “subject has been identified as a gang member by a 
reliable informant/source” to justify the inclusion of an individual 
in CalGang. Upon hearing our concern that the source document 
made no mention of an informant or other source, the node 
administrator for Los Angeles responded that the “reliable source 
would be the officer making the determination.” This interpretation 
of what constitutes a “reliable informant/source” is inappropriately 
broad and would allow officers to enter this criterion absent 
any evidence other than their own views that individuals are 
gang members. 
We found two primary causes for the inaccurate criteria entries we 
identified. Based on their descriptions of their processes for 
entering information into CalGang, the user agencies we reviewed 
often have administrative staff or other designated officers enter 
information into CalGang rather than the officers who made the 
field observations. CalGang policy does not prohibit this approach 
and we recognize that it can be efficient. However, it may also be 
the cause of some of the discrepancies between CalGang entries 
and the corresponding source documents. Another contributing 
10
  For the criterion “subject has been seen frequenting gang areas,” we accepted the judgment 
of those administering CalGang even when the field officers did not specifically record this 
observation. Given their unique position of regularly recording or observing CalGang entries, 
these administrators are likely to know the geographical locations that gangs frequent.
Although law enforcement officers 
must exercise judgment in making 
certain criteria determinations, 
the results of our testing suggest 
that the exercise of this judgment 
needs to be informed by 
specific regulations.
California State Auditor Report 2015-130
August 2016
36
factor to the deficiencies we found is the lack of strong oversight 
of CalGang. No independent party regularly scrutinizes CalGang 
criteria—a condition we detail later in the report. 
As a result of these inaccurate criteria entries, law enforcement 
agencies are tracking people in CalGang who do not appear to 
justifiably belong in the system. Further, the inaccuracies weaken 
its value to law enforcement because many of the descriptions in 
CalGang do not match the support to which the system is pointing. 
If law enforcement agencies later attempt to use this support as 
evidence in convictions or 
sentencing enhancements
—years added 
to a prison term when an individual commits a crime to promote or 
assist a gang—they will find that the information was not worth the 
time and resources they used to locate and analyze it.
Throughout the audit, law enforcement officials offered their 
perspective that inclusion in CalGang is of little impact to an 
individual because CalGang only points to source documentation. 
CalGang policy prohibits using the system as the basis for expert 
opinion or statements of fact in official reports or for non‑law 
enforcement purposes, such as employment screenings. However, 
we found that neither of these prohibitions is always followed. 
In fact, when we searched California appellate cases that 
contained the terms 
CalGang
 or 
gang database
, we found at least 
four unpublished cases that referred to CalGang as support for 
expert opinions or conclusions in official reports that individuals 
were or were not gang members. Further, we found one case 
in which a CalGang printout was apparently provided to a jury. 
We found numerous other instances in which the unpublished 
decisions by the appellate courts cited or otherwise contained 
references to CalGang or a gang database. As we discuss later in 
this report, three user agencies admitted that they use CalGang 
for employment or military‑related screenings. These examples 
emphasize that inclusion in CalGang has the potential to seriously 
affect a person’s life and therefore the accuracy and appropriate use 
of CalGang is of critical importance. 
Law Enforcement Agencies Lack Appropriate Safeguards to Ensure 
the Accuracy and Security of CalGang Records
Law enforcement agencies have failed to ensure that CalGang 
records are added, removed, and shared in a way that maintains 
the accuracy of the system and safeguards individuals’ rights. 
We found that the agencies we examined did not review records 
before and after entering them in CalGang and that committee 
audits of the information within CalGang lacked independence 
and transparency. Moreover, flaws in CalGang’s controls caused 
many individuals to remain in the system longer than federal 
Inclusion in CalGang has the 
potential to seriously affect a 
person’s life and therefore the 
accuracy and appropriate use of 
CalGang is of critical importance.
37
California State Auditor Report 2015-130
August 2016
regulations allow; in fact, some individuals are currently scheduled 
to remain in CalGang for hundreds of years. Finally, in response to 
our survey, three agencies reported using CalGang for employment 
or military
‑related screenings, which represent an inappropriate 
use of the system. We believe that the committee’s failure to 
implement standardized training has contributed to user agencies’ 
inappropriate and inconsistent use of CalGang. In addition, the 
committee’s lack of oversight and the user agencies’ lack of sound 
processes has increased the risk of inaccuracies in CalGang, which 
could jeopardize the effectiveness of investigations and lead to 
violations of individuals’ privacy rights. 
Law Enforcement Agencies Have Not Established Necessary Processes 
for Reviewing and Purging Records
The federal regulations and state guidelines that CalGang 
adopted outline the requirements for maintaining individuals’ 
criminal intelligence records. The requirements that relate to 
reviewing records accomplish two objectives: They ensure that the 
information in CalGang is accurate, which helps make CalGang 
a valuable tool for solving and preventing crimes, and they help 
ensure that inaccurate information is not added and that unreliable 
and unnecessary information is purged, which protects individuals’ 
rights. As Figure 3 on page 29 indicates, the federal regulations and 
state guidelines require that law enforcement agency supervisors 
review and approve criminal intelligence data before entry. The 
state guidelines also recommend periodic quality control reviews of 
such data and permanently removing data from CalGang if they are 
misleading, obsolete, or otherwise unreliable. 
However, as Table 9 on the following page shows, the four law 
enforcement agencies we reviewed did not have processes in place 
to ensure that agency supervisors and quality control reviewers 
evaluated records before their entry into CalGang. In fact, three 
of the four agencies followed a practice of allowing one law 
enforcement officer or analyst to decide unilaterally which suspected 
gang members to add to CalGang. In contrast, Los Angeles has 
established and generally followed a process requiring that a 
supervisor review records before their entry. However, none of 
the four agencies annually assessed CalGang records as the state 
guidelines require. The Sonoma node administrator explained 
that his agency had not implemented these requirements because 
they would add unnecessary levels of review that would delay the 
entry of information into CalGang. He further stated that until 
the agency enters the information, it is not usable intelligence. 
However, if Sonoma or other agencies believed that the safeguards 
in the state guidelines were too onerous, they should have at least 
established other, compensating processes that would ensure the 
39
California State Auditor Report 2015-130
August 2016
Specifically, the audits are limited in focus and it is difficult 
to determine if any change resulted. Board meeting minutes 
dated January 2006 indicate that the board directed each node 
administrator agency to audit 30 records a year, resulting in the 
annual review of 330 records statewide. However, this level of 
review appears inadequate given that CalGang contains in excess 
of 150,000 individuals’ records. Further, the minutes from the 
committee’s meetings document that the node administrator 
agencies report on the results of their audits, but the minutes lack 
sufficient detail of how the agencies addressed the problems they 
uncovered. Thus, for the majority of its audits, the committee was 
unable to demonstrate the value of its audit process and the related 
outcomes. The limited focus of these audits is especially concerning 
because they are the only oversight tool that the committee uses, 
yet the audits are self‑reported with no independent verification 
of the results, resulting in a process that is not robust enough 
to ensure that user agencies are maintaining valid and accurate 
criminal intelligence records, adhering to security protocols, 
and upholding individuals’ rights to privacy. The lack of an 
appropriate audit process potentially weakens CalGang’s value 
as a law enforcement tool and may contribute to the public’s 
concern that law enforcement agencies are mishandling private, 
sensitive information.
Our review of CalGang records statewide identified a significant 
number of errors that demonstrate the need for stronger controls 
over the processes for entering, evaluating, and auditing the data 
in CalGang. For example, we found 42 individuals in CalGang 
whose birthdates indicated that they were less than one year old at 
the time their information was entered, 28 of whom were entered 
into the system in part because they admitted to being gang 
members. CalGang also contained information that was unusable 
for meaningful data analysis, such as telephone numbers, zip codes, 
or random characters in the data field intended to capture a city 
name. Additionally, we found instances in which city names were 
misspelled or abbreviated in inconsistent ways. For example, we 
identified more than 100 variations for Los Angeles, including 
“Los Angels” and “Los Angeleses.” 
We expected that the law enforcement agencies we examined 
would be familiar with the state guidelines that the committee 
adopted and have the necessary safeguards in place to implement 
the related requirements. However, key officials and CalGang 
users from Los Angeles, Santa Ana, and Santa Clara were all 
unaware of the state guidelines and the requirements therein. At 
Sonoma, the sergeant who functions as the node administrator 
stated that the processes the state guidelines outline were either 
not applicable to CalGang, did not have value, or would be too 
resource‑intensive to fully implement. We disagree with the 
Our review of CalGang records 
statewide identified a significant 
number of errors that demonstrate 
the need for stronger controls 
over the processes for entering, 
evaluating, and auditing the data 
in CalGang.
California State Auditor Report 2015-130
August 2016
40
sergeant’s assertions because CalGang policy explicitly requires 
user agencies to follow the state guidelines. Further, if Sonoma or 
other agencies had concerns regarding the processes in the state 
guidelines, they should have reconciled them with processes that 
were similarly robust but more efficient to implement. Disregarding 
the guidelines designed to enhance CalGang’s accuracy and to 
preserve individuals’ rights degrades the database and calls into 
question user agencies’ commitment to CalGang’s mission—
to provide an accurate resource for law enforcement. 
The programming underlying CalGang also may jeopardize 
individuals’ privacy rights because it did not purge all records 
within the required time frames. User agencies rely upon CalGang’s 
automatic purge function to comply with the requirement in 
the federal regulations to remove criminal intelligence records if 
user agencies have not added new information indicating gang 
membership within five years. However, when we searched 
104 records for individuals in CalGang to ensure that they had 
been purged on schedule, we found that 12 remained in CalGang 
even though they did not contain new information that would have 
warranted extending their purge dates. In fact, these 12 records 
reflected purge dates that should have taken effect in the past. 
Santa Clara, which is within the San Jose node, had created all 
12 records, but neither Santa Clara’s gang sergeant nor the sergeant 
in the gang investigations unit at the San Jose node could offer an 
explanation as to why the automatic purge function had exhibited 
this operational deficiency. When we checked CalGang again 
about three weeks later, the 12 records had been purged. CSRA 
International, Inc. (CSRA)—the company that developed the 
proprietary CalGang software—indicated that errors with 
the San Jose node’s server caused the automatic purge function to 
run improperly for approximately two months. CSRA asserted that 
it resolved this error and has implemented procedures to quickly 
identify similar issues in the future.
Further, as of November 2015, we identified records for 
three additional individuals who should have been purged in 2002, 
2003, and 2008, respectively. When we asked CSRA why these 
individuals were still in CalGang, it identified a programming 
error that caused the automated purge process to overlook the 
three individuals. Consequently, these individuals’ records remained 
in CalGang from seven to 13 years beyond when they should have 
been purged. CSRA asserted that it subsequently corrected this 
error and would report these three individuals to the appropriate 
law enforcement agency for review. As of June 2016, CSRA reported 
that these individuals were no longer in CalGang.
The programming underlying 
CalGang may jeopardize 
individuals’ privacy rights because 
it did not purge all records within 
the required time frames.
41
California State Auditor Report 2015-130
August 2016
Finally, CalGang’s programming has not at times had sufficient 
controls to prevent future dating of entries related to gang 
membership or affiliation. This lack of controls—coupled with 
law enforcement’s failure to establish a thorough review process 
to ensure the accuracy of data entries—could cause individuals to 
inappropriately remain in CalGang for several decades, or even 
centuries. Specifically, we identified 628 individuals whose records 
had purge dates beyond the standard five‑year time period, 
including 257 whose records were not scheduled to be purged 
for more than 100 years. When we inspected these individuals’ 
criteria dates—which is the information CalGang software uses to 
calculate purge dates—we found that the entries were future‑dated. 
For example, one individual had a criteria entry dated in the year 
9992, which resulted in a purge date in the year 9997, or nearly 
8,000 years from now. Although these future dates are most likely 
the result of data entry errors, an incorrect entry has significant 
implications for the timely removal of the individual from CalGang. 
When we asked CSRA how such errors could occur, it stated that 
before 2009, and then again between 2011 and 2014, CalGang 
user agencies could enter future‑dated criteria. CSRA asserted 
that it implemented controls in 2014 designed to prevent users 
from future‑dating criteria. In addition, CSRA indicated that it 
would report the individuals we identified to the appropriate node 
administrators for review and possible deletion. However, as of 
June 2016, CSRA stated that 115 individuals with future‑dated 
criteria remained in CalGang.
Absent a robust review process, the committee has relied 
completely on the CalGang software to remove individuals within 
the time frames federal regulations specify. Software deficiencies 
have allowed some records to remain in CalGang and accessible to 
law enforcement agencies far beyond their purge dates. Retaining 
records in CalGang for longer than the federal regulations allow 
potentially violates individuals’ rights and pollutes CalGang with 
outdated information that may hinder law enforcement agencies’ 
efforts to suppress gang activity. 
Law Enforcement Agencies Lack Processes to Ensure They Share 
CalGang Information Properly and Limit CalGang Access as CalGang 
Policy Requires 
To preserve individuals’ privacy rights, numerous requirements 
contained in the federal regulations, the state guidelines and 
CalGang policy exist around sharing CalGang information. These 
requirements are generally rooted in the concept that CalGang 
information should be shared only for a law enforcement purpose 
and only with requesters that have a “need and right to know.”  
We identified 628 individuals whose 
records had purge dates beyond 
the standard five-year time period, 
including 257 whose records were 
not scheduled to be purged for 
more than 100 years.
California State Auditor Report 2015-130
August 2016
42
Nevertheless, we found that CalGang’s oversight entities and user 
agencies have not taken all the steps necessary to ensure CalGang 
information is shared only when appropriate. Specifically, the four 
local law enforcement agencies we reviewed each lack necessary 
policies and procedures for sharing CalGang information. Further, 
responses to our statewide survey suggest that at least three law 
enforcement agencies may have inappropriately used CalGang as an 
employment screening tool.
The information‑sharing policies of all four user agencies we 
reviewed omit some of the safeguards that CalGang policy requires. 
Requests for CalGang information can come either from within 
user agencies or from external parties, such as law enforcement 
agencies that do not use CalGang, media outlets, and researchers. 
CalGang policy requires that each user agency establish written 
policies and procedures for accessing CalGang information 
that ensure that they only share information in accordance with 
existing laws, regulations, and guidelines. However, we identified 
weaknesses in the policies of each of the four law enforcement 
agencies we reviewed. For example, Los Angeles’s policy addresses 
releasing information for discovery motions and requests for 
records, and it also specifies the parties that must approve 
information releases. Nonetheless, it is silent about documenting 
the requestors’ need and right to know and tracking to whom it 
releases criminal intelligence—both of which are requirements 
in federal regulations and state guidelines. As a result of similar 
types of omissions at all four user agencies, the users at the 
agencies lack the guidance necessary to ensure they share criminal 
intelligence only with authorized recipients and only for law 
enforcement purposes.
We attempted to assess Justice’s and the four user agencies’ past 
decisions to share information, but we have little assurance 
that they identified all of the CalGang requests they received. 
Specifically, Justice and the four agencies could identify requests 
for CalGang information made pursuant to the Public Records 
Act, but none of these law enforcement agencies had processes to 
capture internal requests or requests from other law enforcement 
agencies. Justice, Los Angeles, Santa Clara, and Santa Ana identified 
a combined total of 16 information requests they received between 
January 2011 and early March 2016; in contrast, the sergeant who 
functions as the Sonoma node administrator asserted that Sonoma 
did not receive any requests for information during that time frame. 
Table 10 shows the information requests categorized by requestor 
type and by the nature of the CalGang information requested. We 
found that requestors sought criminal intelligence information 
in four instances and that the agencies declined to provide the 
information because the requestors did not have a right to know it. 
The four local law enforcement 
agencies we reviewed each lack 
necessary policies and procedures 
for sharing CalGang information.
43
California State Auditor Report 2015-130
August 2016
Table 10
Summary of CalGang Information Requests Received Between 
January 2011 and March 2016 by Requestor Type and the Nature of the 
Information Requested
NATURE OF INFORMATION REQUEST
REQUESTOR
CRIMINAL  
INTELLIGENCE RECORDS
CALGANG STATISTICS
POLICY AND PROCEDURES/
OPERATIONAL INFORMATION
Media
0
5
3
Researchers
2
3
3
Legal counsel
2
1
1
Private party
0
1
1
Totals
4
10
8
Source: 
California State Auditor’s analysis of public records requests received by the California 
Department of Justice, Santa Ana Police Department, Santa Clara County Sheriff ’s Office, and 
Los Angeles Police Department. 
Note: 
The Table reflects the nature of all the information the requests specified. Requests may have 
covered more than one category of information; thus, the nature of the requests will not correlate 
with the 16 total requests the four agencies asserted they received. 
Conversely, our statewide survey revealed that, of the 190 law 
enforcement agencies that responded to this question, three may 
have inappropriately shared information because they used 
CalGang to screen for employment or military recruitment 
purposes. Screenings of these types are not apparent law 
enforcement activities—they are not related to preventing or 
solving crimes—and thus do not meet the standard of need 
or right to know for a law enforcement purpose. Specifically, an 
administrative aide from Ventura County Sheriff ’s Department 
(Ventura) asserted that she reviewed CalGang to determine if 
individuals who applied for employment with Ventura were listed 
as gang members. Similarly, a sergeant from Thousand Oaks Police 
Department (Thousand Oaks) asserted that the agency reviewed 
CalGang to assist the military in determining whether a candidate 
was a gang member. Finally, a detective from Santa Barbara County 
Sheriff ’s Office (Santa Barbara) reported using CalGang to screen 
for employment and to assist the military. 
Although each of the three agency officials asserted that they 
did not print or distribute any hard‑copy CalGang information 
resulting from their searches, using the system in this manner 
does not appear appropriate. On three separate occasions dating 
back to 2006, the board or the committee determined that user 
agencies should not use CalGang for employment background 
checks or in response to requests from the military. The board 
established that military recruiters do not have the need or right 
to know CalGang information and therefore users should not fill 
those information requests. Nevertheless, based on our review 
44
California State Auditor Report 2015-130
August 2016
of their respective minutes, neither the board nor the committee 
disseminated these decisions to the CalGang users. Moreover, 
the committee did not clarify in CalGang policy that these uses 
are prohibited. Consequently, two of the three agencies asserted 
that using CalGang to screen employment or military candidates 
was appropriate. For example, according to a Thousand Oaks 
sergeant, using CalGang to respond to requests from military 
recruiters is appropriate because the military does not want to 
train gang members in the use of weapons and tactics, thus making 
those individuals more dangerous to the public. Alternatively, 
the Santa Barbara detective agreed that using CalGang to 
screen candidates for internal positions or for the military was 
inappropriate and planned to suggest the agency change its 
practices. The mix of interpretations is concerning to us and 
suggests that user agencies need better, and perhaps more frequent, 
training, as we describe in the next section.
The Committee and Node Administrators Cannot Demonstrate They 
Follow CalGang Training Policy or Best Practices 
As previously discussed, the board and the committee delegate 
important tasks to user agencies, such as determining whether 
reasonable suspicion of criminal activity exists to warrant entering 
individuals into CalGang. However, the agencies’ 
abilities to effectively perform these tasks 
depends in large part on the training their staff 
receives. Consequently, CalGang policy states 
that the committee will develop, review, and 
approve standardized trainings for the staff at 
user agencies. Although the text box shows the 
committee’s required training topics for user 
agencies, neither the committee nor the two node 
administrator agencies we reviewed could 
demonstrate that the committee had developed 
or approved standardized training materials for 
statewide use. Instead, each node administrator 
agency develops its own materials. In addition, we 
expected to find that the committee had processes 
in place to identify needed changes and updates to 
the content of the training materials. For example, 
changes to state law that took effect in 2014 
regarding notifying juveniles and their parents or 
guardians before entering juveniles into CalGang 
presented the committee with an opportunity to 
update CalGang training materials, but we found 
no evidence that the committee had done so.
Training Topics for CalGang User Agencies 
The CalGang Node Advisory Committee requires that 
training for user agencies must address the following topics, 
at a minimum: 
•    The definition of a 
criminal street gang
•    The accepted criteria for identifying gang members, 
affiliates, and adding photos.
•    The definition of 
criminal predicate
 and 
reasonable suspicion
.
•    Local, state, and federal statutes and policies regarding 
criminal intelligence information.
•    Physical and technical security.
•    Data dissemination protocols.
•    Practical, hands‑on database use.
Source: 
California Gang Node Advisory Committee Policy and 
Procedures for the CalGang System (2007).
45
California State Auditor Report 2015-130
August 2016
The lack of standardized training may have created inconsistencies 
in how user agencies apply the criminal intelligence requirements 
the committee has adopted. Specifically, as discussed previously, 
we found that law enforcement agencies we reviewed did not have 
adequate support for including 13 individuals within CalGang. 
Moreover, three agencies responded to our survey that they used 
CalGang to screen for potential employment, even though this use 
does not appear to meet the standard of need and right to know for 
a law enforcement purpose. The appropriate adding to and sharing 
of information in CalGang is critical to protecting individuals’ right 
to privacy, yet the committee has failed to fulfill its responsibility to 
ensure user agencies are effectively trained in those two functions.
We also found deficiencies with the committee’s approval of 
training content for instructors. CalGang policy requires potential 
instructors to attend a committee‑approved, train‑the‑trainer course 
and requires node administrators to verify potential instructors’ 
experience using CalGang. However, neither the committee nor 
Sonoma and Los Angeles—which are both node administrator 
agencies—could demonstrate that the committee had approved 
an instructor training course. In fact, the committee chair—who is 
also the Los Angeles node administrator—stated that a formalized 
train‑the‑trainer course does not exist. CalGang policy further 
states that instructors must complete the 24‑hour user course in 
addition to a train‑the‑trainer course. However, CalGang instructors 
cannot obtain the requisite number of training hours because the 
user training the nodes provide is just 16 hours in length, not 
the required 24. 
Finally, the committee has not required users to take periodic 
refresher trainings so that their skills remain up to date. The 
committee does not require such trainings, regardless of how 
long users have maintained CalGang access. In our statewide 
survey, 86 (46 percent) of the 186 CalGang user agencies that 
responded to this question indicated that their users could benefit 
from periodic refresher training. Further, a separate analysis we 
performed revealed that half of CalGang’s users have had accounts 
allowing their access to CalGang for six years or more. The full 
distribution of the length of time users have maintained their 
accounts is depicted in Figure 4 on the following page. By requiring 
only an initial training for users, the committee risks that users’ 
knowledge of CalGang policy will fade over time or not keep pace 
with changes, thereby jeopardizing the integrity and accuracy of 
CalGang’s information.
CalGang instructors cannot obtain 
the requisite number of training 
hours because the user training the 
nodes provide is just 16 hours in 
length, not the required 24.
California State Auditor Report 2015-130
August 2016
46
Figure 4
Age of Users’ CalGang Accounts
USER 
ACCOUNT
AGE
0–2 years
2.01–4 years
4.01–6 years
>
 6.01 years
50
%
21
%
14
%
15
%
Source: 
California State Auditor’s analysis of CalGang data obtained from the California Department of 
Justice as of November 23, 2015.
Note: 
Because CalGang did not capture user account creation dates until 2009, we were unable to 
determine the exact age of user accounts older than six years. 
Law Enforcement Agencies Have Failed to Appropriately Notify 
Necessary Parties Before Entering Juveniles Into CalGang
Because two of the four law enforcement agencies we reviewed did 
not send all legally required notices before entering juveniles into 
CalGang, many juveniles and their parents or guardians (parents) 
were not afforded the right to contest the juveniles’ gang designations. 
Further, the two agencies that sent the necessary notifications did not 
provide the juveniles and their parents with adequate information to 
contest the designations. In fact, responses to our statewide survey of 
law enforcement agencies revealed that less than 3 percent of juveniles 
or their parents contested these designations, possibly as a result of 
their notification letters not containing adequate information. Because 
the two law enforcement agencies have not complied with state law 
related to these notifications, they have limited the effectiveness of the 
juvenile notification process as a means to identify juveniles whom 
they may have mistakenly added to CalGang as gang members. 
State law effective January 1, 2014, generally requires law enforcement 
agencies to send juveniles and their parents notices before adding 
juveniles to a shared gang database, such as CalGang. Figure 5 depicts 
the juvenile notification process the state law established. This process 
requires notifying juveniles and parents or guardians of the basis for 
the juveniles’ gang designations and of their right to contest the gang 
designations. The process also describes the limited circumstances in 
which law enforcement agencies do not have to notify the juveniles 
and the parents. 

Figure 5
The Required Juvenile Notification and Contestation Process as Applied to CalGang
The agency agrees
with contestation.
Juvenile’s record
remains in CalGang.
Juvenile’s record
deleted from CalGang.
The agency disagrees
with contestation.
A law enforcement officer
determines a juvenile meets
the minimum criteria required
to be designated as a gang
member (designation).*
The law enforcement agency
(agency) sends written notice
of the designation to the
juvenile and his/her parent or
guardian (parent).
A juvenile or parent contests in
writing the juvenile’s designation.
The agency has 60 days to
review the contestation and
respond to the juvenile and parent
with written verification of the
agency’s decision.
The agency does not send a
written notice because the
notice would do one of
the following:
• Compromise an ongoing
criminal investigation.
• Compromise the juvenile’s
health or safety.
DOES AN
EXCEPTION
EXIST?
The agency adds the juvenile
to CalGang and the law
enforcement officer affirms
that the notice was sent or
an exception applied.
Sources:
California State Auditor’s analysis of the Penal Code and the CalGang juvenile-notification process.
*
A juvenile is defined as an individual who is under 18 years of age. A juvenile can be designated as a gang member or gang affiliate.
If a law enforcement officer indicates in CalGang that the agency did not send a notification because of an exception, the officer must document a
detailed reason for the exception.
Between January 1, 2014, and November 23, 2015, user agencies added
more than 2,200 juveniles to CalGang. Following January 2014, the
number of juveniles that user agencies added to CalGang dropped
significantly; from 2013 to 2014, the number decreased by 1,134, or
48 percent. In fact, the number of juveniles Sonoma and Santa Clara
each added dropped to zero. Officers at each agency asserted that they
48
California State Auditor Report 2015-130
August 2016
stopped adding juveniles to CalGang in direct response to the new
notification requirements. Specifically, the Sonoma gang enforcement
sergeant asserted that Sonoma stopped adding juveniles for reasons
that included the administrative burden and his perception that parents
frequently refuse to believe their children are associated with a gang and
would attack the agency’s motives. On the other hand, Santa Clara’s gang
sergeant asserted that his agency no longer adds juveniles to CalGang
because it does not have a notification process in place and wants to
learn from the processes other agencies have established. However, when
user agencies choose not to add juveniles to CalGang to avoid notifying
juveniles and their parents or to wait and learn from other agencies’
processes, CalGang becomes a less useful tool for protecting the public
from gang violence.
As indicated in Table 11, the two user agencies we reviewed—which were
limited to Los Angeles and Santa Ana for the reasons just described—
were unable to demonstrate that they properly sent letters before adding
juveniles to CalGang for all but 35 of the 129 records we reviewed.
Specifically, we found that Santa Ana did not send letters to juveniles,
but rather only to their parents. Based on interviews with a number
of officials, we determined that Santa Ana misinterpreted the law’s
requirements. In contrast, Los Angeles has a policy that describes a
process that meets the law’s notification requirement, but we found that
officers in the five divisions we reviewed—Los Angeles has 21 divisions
in total—did not follow the policy. Consequently, Los Angeles could
not demonstrate that it sent letters to 29 juveniles and their parents.
Moreover, Los Angeles sent notices for 50 juveniles after entering them
into CalGang instead of before, as required; in fact, in several instances,
it did not send the letters for more than a month after entering the
juveniles into CalGang. As reasons for not following state law, officials
for Los Angeles cited turnover in officer and administrative staff
positions as well as agency staff misunderstanding the requirements.
Table 11
Rates of Adherence to State Law Requiring Juvenile Gang Designation From January 2014 Through November 2015
TOTAL NUMBER OF
JUVENILES’ RECORDS
REVIEWED
RECORDS FOR WHICH
NOTIFICATION
REQUIREMENTS WERE MET
RECORDS FOR WHICH
NOTIFICATION LETTERS
WERE NOT SENT [JUVENILE
AND/OR THEIR PARENTS*]
RECORDS FOR WHICH
NOTIFICATION LETTERS
WERE SENT AFTER
CALGANG ENTRY [JUVENILE
OR THE PARENTS]
Santa Ana Police Department
15
0
15
0
Los Angeles Police Department
114
35
29
50
Totals
129
35
44
50
Percent of total juveniles’ records reviewed
————————
>
27%
34%
39%
73%
Sources:
California State Auditor’s analysis of juvenile notification letters and other documents for the law enforcement agencies listed.
*
Because state law requires law enforcement agencies to send notification letters to the juvenile and their parents or guardians (parents), this column
represents instances in which law enforcement agencies did not send letters to either party and both parties.
49
California State Auditor Report 2015-130
August 2016
We also determined that Los Angeles’s and
Santa Ana’s notices were inadequate because they
did not provide the bases the agencies used for the
juveniles’ gang designations. Although state law
requires law enforcement agencies to provide the
bases for gang designations, the law does not specify
what information the agencies need to include to
fulfill that requirement. A bill analysis on the
juvenile notification law states that the basis for a
gang designation would be source documents, such
as arrest reports and field interview cards, indicating
that the person met the criteria for being considered
a gang member. However, the notification letters
Los Angeles and Santa Ana sent offered only
conclusory language that was so vague it did not
fully inform the juveniles and parents of the contacts
or analyses that led to the designations. The text box
cites the relevant language the agencies included in
their letters to parents. Although the Los Angeles
letters invite juveniles and parents to contact an
officer with their questions, neither letter cites the
specific criteria the agency used for identifying
juveniles as members of gangs.
Without knowing law enforcement agencies’ bases
for suspecting gang membership, juveniles and
their parents do not have sufficient information
to meaningfully challenge those agencies’ decisions to add the
juveniles to CalGang. Part of the Legislature’s intent in developing
the notification process was to ensure that user agencies did not
incorrectly enter juveniles into CalGang. However, parents and
juveniles cannot contest juvenile gang designations effectively, if
at all, without knowing the criteria user agencies determined the
juveniles met. Because of the lack of information in the juvenile
notification letters, parents sometimes submitted letters that simply
stated that their children were not gang members. Other parents
submitted character references from school principals and church
leaders or descriptions of their own efforts to keep their children
away from gangs. These types of responses—which are the result
of the lack of information the user agencies provided—do not
help the agencies identify mistakes they may have made when
concluding that juveniles met the criteria for entry into CalGang.
Thus, the insufficient notification letters have disadvantaged the
law enforcement agencies, juveniles, and parents.
We found that few juveniles and parents contested gang designations
and that—contrary to state law—the two user agencies generally
responded only to the party that contested the designation which
only partially fulfilled the law. Table 12 on the following page
Excerpts From Juvenile Notification Letters Law
Enforcement Agencies Sent to Parents
Los Angeles Police Department (Los Angeles)
On __[date]__, your son/daughter, __[name]_, was involved
in a field contact by officers from the Los Angeles Police
Department. As a result, information relative to __[name]___
participation in or association with an active street gang was
discovered. The contact met the minimum criteria required
by state law to identify him/her as an active gang member
or active affiliate gang member. Therefore, his/her name
and gang affiliation will be entered into the department’s
computerized shared gang database.
Santa Ana Police Department (Santa Ana)
On __[date]__, your son/daughter, __[name]__, was
contacted by Officers from the Santa Ana Police Department.
As a result of a law enforcement officer’s investigation, your
child’s participation in or association with an active criminal
street gang has been included in our files based upon two or
more of the following criteria, including but not limited to:
arrest and/or associating with criminal street gang members,
frequenting gang area, gang indicia, statements made by a
contacted individual.
Sources:
Los Angeles’s and Santa Ana’s juvenile notification
letter templates.
California State Auditor Report 2015-130
August 2016
50
summarizes the number and rate of contested juvenile gang
designations for Los Angeles and Santa Ana, as well as the results
from our survey of 329 law enforcement agencies. Santa Ana’s higher
rate of contestations may be the result of its notification process.
Specifically, it sends notices to parents each time a contact with a
law enforcement officer results in an update to a juvenile’s CalGang
record. This process, which results in multiple letters to parents,
exceeds the requirements of state law. Although the law requires
that agencies inform both juveniles and parents of their decisions
in response to contestations, we found that the two user agencies
generally responded only to the party that contested the designation.
Table 12
Contestations of Juvenile Gang Designations at Two Law Enforcement
Agencies and Statewide From January 1, 2014, Through October 31, 2015
LOS ANGELES POLICE
DEPARTMENT
(LOS ANGELES)
SANTA ANA POLICE
DEPARTMENT
(SANTA ANA)
STATEWIDE
SURVEY
RESULTS*
Number of juveniles
381
140
1,705
Number of contestations received
5
19
47
Contestation rate
1%
14%
3%
Number of juveniles removed from
CalGang in response to a contestation
0
7
15
Sources:
California State Auditor’s analysis of Los Angeles’s and Santa Ana’s juvenile notification
records and other documents, and unaudited statewide survey results.
*
These numbers represent self-reported data from our statewide survey.
Santa Ana’s process requires it to send a letter to a juvenile’s parents for each law enforcement
contact the juvenile has that results in it creating or updating a CalGang record. Sending multiple
letters to parents likely contributed to the higher contestation rate in Santa Ana.
Although the law provides two reasons to justify law enforcement
agencies’ decisions not to notify juveniles and their parents before
adding the juveniles into CalGang, we found that the user agencies
rarely use these options. Specifically, as Figure 5 on page 47 illustrates,
law enforcement agencies can choose not to notify juveniles and
their parents if they believe doing so will compromise either ongoing
criminal investigations or the juveniles’ health or safety. However,
based on our reviews of Santa Ana and Los Angeles, as well as
the responses from our statewide survey, we determined that law
enforcement agencies rarely choose not to send notices for these
two reasons. In fact, Santa Ana has not used either option since the
law went into effect in 2014, and Los Angeles documented using
these options for just five juveniles. Further, the responses from
our survey suggest that user agencies statewide documented only
10 additional instances in which the agencies justified not sending
notices for the exceptions provided in law.
51
California State Auditor Report 2015-130
August 2016
In response to our concerns about their juvenile notification
practices, officials with Los Angeles and Santa Ana asserted
they would take corrective actions. A detective who serves as
the Los Angeles node administrator is working to implement a
juvenile notification review process in which staff will review
all juveniles Los Angeles officers entered since January 1, 2014 and
document whether officers fulfilled the requirements of state law.
If juveniles do not meet the law’s requirements, the detective’s plan
is to delete the juvenile, send proper notification, and reenter the
juvenile into CalGang. The detective is also planning to implement
a process in which he will review some juveniles each month to
ensure adherence to the law’s requirements.
Similarly, a commander from Santa Ana provided updated letter
templates for both juveniles and their parents. However, the letters’
text still does not provide the bases for the juvenile’s designation as
a gang member. According to the commander, Santa Ana chose not
to include more specific information because it believes the letter
gives parents and juveniles a sense of the behavior that led to the
juveniles’ contacts with the law enforcement officers. He also stated
that providing specifics about contacts would focus arguments on
the contacts or incentivize juveniles to stop certain behaviors purely
to prevent police detection, which are outcomes he does not believe
would be productive. He stated that the benefit of the juvenile
notification law is the conversations it can initiate among parents,
juveniles, and law enforcement officers related to the resources
the agency may provide to keep the juveniles away from and out
of gangs. However, we believe that for these conversations to be
productive, parents need specific information about the nature of
their children’s contacts with law enforcement officers.
Notwithstanding Los Angeles’s and Santa Ana’s failures to properly
implement state law, we recognize that both agencies have
demonstrated a commitment to the juveniles they suspect
are gang members. Los Angeles has contacted parents about
juveniles’ gang designations through letters, calls, or in‑person
meetings since at least 1998. Moreover, the letters Los Angeles
currently sends to parents and juveniles invite them to contact
officers about questions and to learn about community programs.
Similarly, since about 1989 Santa Ana has notified juveniles that
their involvement with gangs could subject them to criminal
prosecution. Although this notice does not reference CalGang, it
makes very clear that the agency has determined the juveniles are
a part of or associated with specific gangs; in fact, the agency uses
documentation from these notices to add individuals to CalGang.
After the implementation of the juvenile notification law in 2014,
Santa Ana exceeded the law’s requirements by notifying parents after
each contact juveniles had with police that resulted in updates to
their records.
In response to our concerns about
their juvenile notification practices,
officials with Los Angeles and
Santa Ana asserted they would take
corrective actions.
CalGang instructors cannot obtain
the requisite number of training
hours because the user training the
nodes provide is just 16 hours in
length, not the required 24.
California State Auditor Report 2015-130
August 2016
52
Moreover, Santa Ana’s process when it receives a contestation
letter represents a best practice that we believe could be the
basis for statewide standards. Specifically, at Santa Ana a police
investigator assembles background information on the juvenile’s
case, and a corporal calls the family to discuss the juvenile’s entry
into CalGang. Following the review and conversation, the corporal
decides whether the juvenile should remain in CalGang. Santa Ana’s
approach has resulted in it removing from CalGang more than a
third of the juveniles who were the subject of contestations by the
juveniles or their parents. This approach establishes relationships
that can lead to a better understanding of juveniles’ situations for
both the officers and the families, and it also achieves greater data
accuracy for the law enforcement agencies using CalGang.
Governmental Oversight and Increased Public Participation Could
Strengthen CalGang’s Usefulness and Better Ensure It Protects
Individuals’ Rights
State and local law enforcement officials assert that CalGang is an
important tool because it helps them to quickly identify information
necessary to solve or prosecute gang crimes. User agencies’ success
stories chronicle how they used CalGang to identify homicide
victims and suspects through physical descriptions, like their
tattoos, and to link local crimes to suspects or to crimes in other
communities. For example, an officer in Salinas posted a testimonial
in CalGang noting that he used CalGang to identify a murder
suspect using a name, physical description, and believed gang
affiliation. Witnesses then verified the suspect in a photo lineup,
leading to his arrest for murder. Upon conviction, the courts
sentenced the man with gang enhancements—years added to a
prison term when an individual commits a crime to promote or
assist a gang. The officer praised CalGang and encouraged other
CalGang users to provide as much information as possible in
their CalGang entries because even a minor gang contact could
help solve a murder.
However, because of its potential to enhance public safety, CalGang
needs an oversight structure that better ensures that the data entered
into it are reliable and that its users adhere to the requirements that
protect individuals’ rights. To this end, we believe the Legislature
should adopt state law that specifies that CalGang, or any equivalent
statewide shared gang database, must operate under defined
requirements.
We believe these requirements should encompass the
federal regulations and key safeguards from the state guidelines,
including supervisory and periodic record reviews. Further, we
believe state law should assign Justice the responsibility for overseeing
CalGang and for ensuring user agencies meet all the relevant
requirements. Establishing Justice as a centralized oversight entity
We believe state law should be
adopted that assigns Justice the
responsibility for overseeing
CalGang and for ensuring
user agencies meet all the
relevant requirements.
53
California State Auditor Report 2015-130
August 2016
responsible for establishing best practices and holding user agencies
accountable for implementing these practices will help ensure
CalGang’s accuracy and safeguard individuals’ privacy protections.
Moreover, we believe state law should create a technical advisory
committee to provide Justice information about CalGang’s use and
user agencies’ needs. Figure 6 on the following page illustrates what, in
our view, would be a stronger oversight structure for CalGang.
The Legislature also has an opportunity to set standards for
transparency and public participation where none currently
exist. Generally, CalGang’s current operations are outside of
public view. As previously discussed, we found that the CalGang
users self‑administer the committee’s audits and that they do not
meaningfully report the results to the board, the committee, or the
public. Further, CalGang’s governance does not meet in public, and
neither the board nor the committee invites public participation by
posting meeting dates, agendas, or reports about CalGang.
Increased transparency in CalGang’s governance and operations
could strengthen the public’s confidence in the system. For example,
although the proposed technical advisory committee would likely
need to close parts of its meetings to protect criminal intelligence
information, we believe other parts of its meetings should be open
and should comply with open‑meeting requirements. Further,
requiring Justice either to conduct or to hire an external entity to
conduct periodic audits would shed light on aspects of CalGang’s
privacy safeguards that do not operate effectively and should help
lead to necessary corrective actions. In addition, we recommend
that the Legislature require Justice to develop annual reports that
include CalGang statistics and summary‑level audit results. Justice
should make these reports available for public comment and, in
subsequent annual reports, summarize public concerns and the
actions Justice has taken to address them.
Finally, establishing CalGang as a public program would create
opportunities for public participation through the legislative and
regulatory processes. As the Legislature drafts the bill that will
provide for CalGang’s new oversight structure and framework,
law enforcement officials and the public will have opportunities to
express their concerns and needs. Using the regulatory process
to establish requirements for user agencies will provide the public
and law enforcement agencies an opportunity to comment on and
help guide how the requirements are developed.
Increased transparency in CalGang’s
governance and operations could
strengthen the public’s confidence
in the system.
54
California State Auditor Report 2015-130
August 2016
Figure 6
A Model for More Transparent and Accountable Oversight for a Shared Gang Database
THE LEGISLATURE
Key Legislative Actions
Establish requirements for CalGang, or any equivalent statewide
shared gang database, in state law as detailed below.
Require the database to comply with federal regulations and
important safeguards from the state guidelines.*
Public process
Non-public process
Oversee
Collaborate
Key Requirements to be Specified in Law
JUSTICE
Engage in a regulatory process to define important
requirements like gang member criteria.
Conduct or hire an external entity to conduct
periodic audits.
Standardize training and ensure it is periodically
provided to all end users.
Publish an annual report with key statistics and
summary audit results. Invite, assess, and act on
public comments.
USERS
Implement supervisory review procedures.
Implement periodic record reviews and
report the results to Justice.
Key Requirements to be Specified in Law
TECHNICAL
ADVISORY COMMITTEE
Advise Justice of best practices, database use,
and database needs.
Periodically review policies and procedures to
provide suggestions to Justice for their
improvement.
Obtain public input when appropriate.
Key Requirements to be Specified in Law
Make the California Department of
Justice (Justice) responsible for the database
Create a technical
advisory committee
LAW
Voluntarily
participate
Source:
Based on the California State Auditor’s recommendations to the Legislature.
*
State guidelines refers to Justice’s
Model Standards and Procedures for Maintaining Cri