2024 California Rules of Court
Rule 2.523. Identity verification, identity management, and user access
(a) Identity verification required
Except for remote access provided to a party's designee under rule 2.518, before allowing a person who is eligible under the rules in article 3 to have remote access to electronic records, a court must verify the identity of the person seeking access.
(b) Responsibilities of the court
A court that allows persons eligible under the rules in article 3 to have remote access to electronic records must have an identity verification method that verifies the identity of, and provides a unique credential to, each person who is permitted remote access to the electronic records. The court may authorize remote access by a person only if that person's identity has been verified, the person accesses records using the credential provided to that individual, and the person complies with the terms and conditions of access, as prescribed by the court.
(c) Responsibilities of persons accessing records
A person eligible to be given remote access to electronic records under the rules in article 3 may be given such access only if that person:
(1) Provides the court with all information it directs in order to identify the person to be a user;
(2) Consents to all conditions for remote access required under article 3 and by the court; and
(3) Is authorized by the court to have remote access to electronic records.
(d) Responsibilities of the legal organizations or qualified legal services projects
(1) If a person is accessing electronic records on behalf of a legal organization or qualified legal services project, the organization or project must approve granting access to that person, verify the person's identity, and provide the court with all the information it directs in order to authorize that person to have access to electronic records.
(2) If a person accessing electronic records on behalf of a legal organization or qualified legal services project leaves his or her position or for any other reason is no longer entitled to access, the organization or project must immediately notify the court so that it can terminate the person's access.
(e) Vendor contracts, statewide master agreements, and identity and access management systems
A court may enter into a contract with a vendor to provide identity verification, identity management, or user access services. Alternatively, courts may use a statewide identity verification, identity management, or access management system, if available, or a statewide master agreement for such systems, if available.
Rule 2.523 adopted effective January 1, 2019.
Advisory Committee Comment
Subdivisions (a) and (d). A court may verify user identities under (a) by obtaining a representation from a legal organization or qualified legal services project that the legal organization or qualified legal services project has verified the user identities under (d). No additional verification steps are required on the part of the court.