After the first nine months of sales to the public, the Commission shall engage an independent firm experienced in security procedures, including, but not limited to, computer security and systems security, to conduct a comprehensive study and evaluation of all aspects of security in the operation of the Lottery. This study shall include, but not be limited to, personnel security, Lottery Game Retailer security, Lottery Contractors security, security of manufacturing operations of Lottery Contractors, security against ticket counterfeiting and alterations and other means of fraudulently winning, security of drawings, computer security, data communications security, data base security, security controls and physical security, security in distribution, security involving validation and payment procedures, security involving unclaimed prizes, security aspects applicable to each particular Lottery Game, security against locating winners in Lottery Games having preprinted winners, and any other aspects of security applicable to the Lottery and its operations. The portion of the report containing the overall evaluation of the Lottery in terms of each aspect of security shall be presented to the Commission, the Governor, the Controller, the Treasurer, the Attorney General, and the Legislature. The portion of the report containing specific recommendations shall be exempt from public disclosure and shall be presented only to the Commission, the Attorney General, the Controller and the Governor. Upon request, all materials and data used in the production of the report shall be made available to the Commission, the Attorney General, the Controller, and the Governor. Similar audits of security shall be conducted every two years after the completion of the first audit.
Ca. Gov. Code § 8880.46