Cybersecurity Legislation 2018

2/8/2019

The word security on a circuit boardCybersecurity continues to be a concern for government and the private sector. It has enormous implications for government security, economic prosperity and public safety.

States are addressing cybersecurity through various initiatives, such as providing more funding for improved security measures, requiring government agencies or businesses to implement specific types of security practices, increasing penalties for computer crimes, addressing threats to critical infrastructure and more.

2018 Introductions: At least 35 states, D.C. and Puerto Rico introduced/considered more than 265 bills or resolutions related to cybersecurity. Some of the key areas of legislative activity include: 

  • Improving government security practices.
  • Providing funding for cybersecurity programs and initiatives.
  • Restricting public disclosure of sensitive government cybersecurity information.
  • Promoting workforce, training, economic development.

At least 22 states have enacted 52 bills so far in 2018 (as indicated by bill status in bold below).

NOTE: Please check individual legislative websites for the most current status, summaries and versions of bill text.

2018 Cybersecurity Legislation

Arizona

AZ EO 3
Creates the State Cybersecurity Team; relates to securing information online and protecting citizens; relates to the continuous advisement to the Governor on cybersecurity issues; advises on federal resources available to combat cybersecurity threats; establishes a team with specific members appointed by the Governor.

California

CA A 1678
Status: Enacted, Chap. 2018-96
Requires the Secretary of State to adopt regulations describing best practices for storage and security of voter registration information received by an applicant. Requires a person or entity who has received voter registration information pursuant to an application to disclose a breach in the security of the storage of the information to the Secretary of State. Makes it a misdemeanor to distribute misleading or false information to a voter.

CA A 1859
Status: Enacted, Chap. 2018-532
Requires a consumer credit reporting agency that owns, licenses, or maintains personal information about a state resident, or an entity that has a contract with a consumer credit reporting agency and maintains personal information on behalf of a reporting agency that poses a significant risk to a breach in the system, to take certain measures to protect that data. Provides for civil action to recover damages, civil penalties, and attorney's fees.

CA A 1906
Status: Enacted, Chap. 2018-860
Requires a manufacturer that sells or offers to sell a connected device in California to equip the connected device with a reasonable security feature or features appropriate to the nature and function of the device that is designed to protect the device from unauthorized remote access or use. Provide that equipping a connected device with a means for authentication outside a local area network is deemed a reasonable security feature if it meets certain requirements.

CA A 2225
Status: Enacted, Chap. 2018-535
Requires the Secretary of State, in consultation with the Department of Technology, to approve and adopt appropriate uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media. Requires that cloud computing to be defined by the Department of Technology based on industry-recognized standards. Imposes certain requirements on a cloud computing storage service used by agencies.

CA A 2678
Status: Failed-adjourned
Requires a computerized data security breach notification provided to an affected person, if the breach exposed or may have exposed specified personal information, to include, among other things, notice that the affected person may elect to place a security freeze on his or her credit report. Provides that if the person or business was the source of the breach, an explanation of how a security freeze differs from the identity theft prevention and mitigation services is required.

CA A 2748
Status: Failed--adjourned.
Requires the Office of Information Security in the Department of Technology, the Office of Emergency Services, and the State Military Department to establish a pilot program to conduct, or require to be conducted, an independent security assessment of election infrastructure in counties that voluntarily choose to participate in the pilot program. Requires the transmission of the complete results of security assessments to the elections official of the relevant county.

CA A 2812
Status: Failed--adjourned.
Creates the Office of Local Cloud Migration and Digital Innovation in the Department of Technology. Requires the Office to promote the use of technologies including cloud based computing and data storage that will assist local agencies in their efforts to further transparency, efficiency, disaster preparedness and response, and general accessibility to the public. Requires the Office to partner with private industry and the nonprofit community to maximize the assistance provided to local agencies.

CA A 2813
Status: Enacted. Chap. 2018-768
Establishes in statute the California Cybersecurity Integration Center within the Office of Emergency Services to reduce the likelihood and severity of cyber incidents that could damage California's economy, its critical infrastructure, or public and private sector computer networks in the state.

CA A 3075
Status: Enacted. Chap. 2018-241
Creates within the Secretary of State the Office of Elections Cybersecurity to coordinate efforts between the Secretary of State and local elections officials to reduce the likelihood and severity of cyber incidents that could interfere with the security or integrity of elections in the state.

CA A 3193
Status: Status: Failed--adjourned.
Revises an implementation requirement to provide that all state agencies must implement and comply with the policies and procedures issued by the State Chief Information Officer.

CA S 327
Status: Enacted. Chap. 2018-886
Requires a manufacturer of a connected device to equip such device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.

CA S 532
Status: Enacted. Chap. 2018-557
Relates to the California Emergency Services Act. Provides for adding cyberterrorism within those conditions constituting a state of emergency and a local emergency.

Colorado

CO E.O. 2
Declares a disaster emergency due to the Department of Transportation cybersecurity incident in the state, authorizes deployment of the National Guard and use of the Emergency Management Assistance Compact.

CO E.O. 29
Activates the National Guard for the purpose of ensuring election security.

CO H 1200
Status: Enacted. Chap. 379
Concerns cybercrime, criminalizes using a computer to engage in prostitution of a minor, criminalizing skimming payment cards, and making changes to the penalty structure for cybercrime, changes the name of the crime computer crime to cybercrime, makes soliciting, arranging, or offering to arrange a situation in which a minor may engage in prostitution, by means of using a computer, computer network, computer system, or any part thereof, a cybercrime.

CO S 86
Status: Enacted. Chap. 319
Concerns the use of cyber coding cryptology for the transmission and storage of state records, requires the Chief Information Security Officer, the Director of OIT, the Department of State, and the Department of Regulatory Agencies to take certain actions to protect state records containing trusted sensitive and confidential information from criminal, unauthorized, or inadvertent manipulation or theft, makes an appropriation.

Connecticut

CT S 441
Status: Failed--adjourned.
Concerns an inventory of the state's cybersecurity job training pipeline, requires the Department of Economic and Community Development, in collaboration with state Innovations, Incorporated, the Department of Education, the Board of Regents for Higher Education and The University of Connecticut, to conduct an inventory of the educational resources available in the state to prepare students for careers in the cybersecurity field.

Florida

H.B. 755
Status: Enacted, Chap. 60
Relates to public records; provides an exemption from public records requirements for information obtained by persons or agencies from the First Responder Network Authority and information relating to the Nationwide Public Safety Broadband Network.

FL H 1127
Status: Enacted, Chap. 65
Relates to public records; provides an exemption from public records requirements for certain records held by the Citizens Property Insurance Corporation which identify detection, investigation, or response practices for suspected or confirmed information technology security incidents; provides retroactive application.

FL H 2125
Status: Failed - Adjourned
Relates to the Appropriations Project titled University of West Florida - Cybersecurity Support, provides an appropriation.

FL H 3355
Status: Failed - Adjourned
Relates to the Appropriations Project titled Computer Mentors Group Youth Cyber Security and effective date.

FL H 4045
Status: Failed - Adjourned
Relates to the appropriations project titled Miami Dade College, Cybersecurity Training Center, provides an appropriation.

FL H 5001
Status: Enacted. Chap. 9
Makes appropriations, provides moneys for the annual period beginning July 1, 2018, and ending June 30, 2019, and supplemental appropriations for the period ending June 30, 2018, to pay salaries, and other expenses, capital outlay for buildings, and other improvements, and for other specified purposes of the various agencies of state government.

FL S 1880
Status: Failed
Relates to public records, provides an exemption from public records requirements for certain records held by the Citizens Property Insurance Corporation which identify detection, investigation, or response practices for suspected or confirmed information technology security incidents.

FL S 608
Status: Failed
Relates to public records, establishes the Identity Theft and Fraud Protection Act, requires an agency to review information susceptible to use for purposes of identity theft or fraud before making postings to a publicly available website, prohibits an agency from posting an image or a copy of a public record containing information susceptible to use for purposes of identity theft or fraud to a publicly available website.

Georgia

GA S 315
Status: Vetoed
Relates to computer crimes, states that any person who intentionally accesses a computer or computer network with knowledge that such access is without authority shall be guilty of the crime of unauthorized computer access.

GA SR 318
Status: Failed - Adjourned
Creates the Senate Cyber Challenge Study Committee.

GA SR 454
Status: Failed - Adjourned
Creates the Senate Cyber Challenge Study Committee.

GA SR 929
Status: Failed - Adjourned
Creates the Joint Study Committee on Cyber Security Legislation.

Hawaii

HI H 598
Status: Failed--adjourned.
Authorizes the University of Hawaii to participate in and contribute funding for activities related to the development of a Hawaii cyber ecosystem and other related aspects of cyber security.

HI S 955
Status: Failed--adjourned.
Relates to homeland security, adds the fusion center as a program under the existing Office of Homeland Security, establishes the position of director of the fusion center who shall be responsible to the director of homeland security and accountable to manage the day-to-day operations of the fusion center.

HI H 1089
Status: Failed--adjourned.
Provides that the state of Hawaii, as a strategic location in the pacific, have all information necessary to guard against those who would do harm to the country and to the state, provides that the Hawaii State Fusion Center be fully staffed and supported, adds the fusion center as a program under the existing Office of Homeland Security, establishes the position of director of the fusion center who shall be responsible to the Director of Homeland Security and accountable to manage the day-to-day.

HI H 2078
Status: Failed--adjourned.
Authorizes and provides funding for the Technology Development Corporation to participate in and contribute funding for the development of a statewide cyber ecosystem and related aspects of cybersecurity.

HI H 2091
Status: Failed--adjourned.
Establishes the Hawaii State Fusion Center (Center) as a program under the Office of Homeland Security and establishes the position of Hawaii State Fusion Center Director who shall be state-funded, responsible to the Director of Homeland Security, and accountable to manage the operations of the Center.

HI SCR 46
Status: Failed--adjourned.
Requests the Office of Elections to conduct a security audit of Hawaii's voting system.

Iowa

IA H 366
Status: Failed--adjourned.
Provides for state employee cyber security briefings for certain travel outside the country.

IA H 558
Status: Failed--adjourned.
Concerns the Office of the Chief Information Officer relating to designation of certain information technology staff, background checks, and the technology advisory council.

IA H 2252
Status: Enacted. Chap. 1149
Changes the requirements for membership on the board of examiners for voting systems, allowing one member to have been trained in cybersecurity rather than requiring training in computer programming and operations.

IA HSB 76
Status: Failed--adjourned.
Relates to public utilities and other infrastructure, includes the confidentiality of certain information relating to such infrastructure, the authority of utilities to make temporary rate changes, and presiding officers at public information meetings held for electric transmission line franchise petitions.

IA HSB 119
Status: Failed--adjourned.
Concerns the Office of the Chief Information Officer relating to designation of certain information technology staff, background checks, and the technology advisory council.

IA HSB 185
Status: Failed--adjourned.
Provides for the confidentiality of certain cyber security and critical infrastructure information developed and maintained by a government body.

IA SSB 1045
Status: Failed--adjourned.
Relates to public utilities and other infrastructure, relates to the confidentiality of certain information relating to such infrastructure, the authority of utilities to make temporary rate changes, and presiding officers at public information meetings held for electric transmission line franchise petitions.

IA SSB 1105
Status: Failed--adjourned.
Concerns the office of the chief information officer, relates to designation of certain information technology staff, background checks, and the technology advisory council.

Idaho

ID H 606
Status: Enacted. Chap. 142
Amends the Open Meeting Law, revises the definition of public agency, provides that the Cybersecurity Task Force or a committee awarding the state medal of achievement shall not constitute a public agency.

ID H 607
Status: Enacted. Chap. 258
Revises provisions relating to information technology services, provides for the Office of Information Technology Services, provides for the receipt of payment for services to units of state government, provides for advance payments and interaccount transactions, provides for the State Technology Authority, provides for responsibility of the integrated property records system.

Illinois

IL S 3068
Status: Pending
Appropriates funding from the General Revenue Fund to the State Board of Elections for grants to county clerks and boards of election commissioners for the funding of election cybersecurity infrastructure for the fiscal year beginning July 1.

IL H 3158
Status: Failed - Adjourned
Amends the Public Utilities Act, requires public water utilities operating in this State to file annually to the commerce Commission a report analyzing the risk and vulnerability of the State's water supply to cyber attack, specifies the information to be provided in the report, requires the reports to be submitted to the Commission by a specified date of each year, and for the Commission to post the reports on its publicly accessible website, allows the Commission to adopt rules to implement.

IL H 3342
Status: Enacted, Chap. 587
Makes changes in state programs that are necessary to implement the state budget; relates to cyber security.

IL H 3737
Status: Failed - Adjourned
Creates the Government Cybersecurity Review Act, creates the Division of Cybersecurity Inspection within the Department of Innovation and Technology, provides that the Division shall review all websites operated by certain State agencies to determine whether cybersecurity flaws and data breach risks exist, provides that, if the Division finds that a flaw or data breach risk exists, the Division may issue an order to the State agency to cease operation of the website until certain requirements are met.

IL H 4861
Status: Failed - Adjourned
Appropriates funding from the General Revenue Fund to the State Board of Elections for grants to county clerks and boards of election commissioners for the funding of election cyber security infrastructure for the fiscal year beginning July 1, 2018.

IL H 5090
Status: Failed - Adjourned
Appropriates funds from the Technology Management Revolving Fund to the Office of the Executive Inspector General for the purpose of assessing state agency cyber security practices.

IL H 5093
Status: Enacted, Public Act 1169
Creates the Information Security Improvement Act, creates the Office of the Statewide Chief Information Security Officer within the Department of Innovation and Technology, provides for the duties and powers of the Office, creates the position of Statewide Chief Information Security Officer to serve as the head of the Office.

IL H 5547
Status: Enacted, Chap. 914
Amends the State Auditing Act, provides that on a biennial basis, the Auditor General shall conduct a performance audit of state agencies and their cybersecurity programs and practices, with a particular focus on agencies holding large volumes of personal information, provides for the subjects to be assessed by the audit, provides for the issuance of an audit report.

IL HJR 27
Status: Failed - Adjourned
Creates the Cybersecurity Task Force to study the status, progress, and future of cybersecurity.

IL HJR 59
Status: Adopted
Creates the International Cybersecurity Task Force within the Commerce Commission to review the Joint Analysis Report from the U.S. Department of Homeland Security and the Federal Bureau of Investigation dated December 29, 2016 and entitled Grizzly Steppe - Russian Malicious Cyber Activity and develop strategies to either implement or reject the report recommendations, makes changes to who is to appoint to Co-Chair of the Task Force and to the membership of the committees.

IL S 1410
Status: Failed - Adjourned
Amends the Police Training Act, provides that the curriculum for probationary police officers offered by all certified schools shall include courses on cyber crimes and crimes committed with personal technology devices, provides that the Law Enforcement Training Standards Board may conduct or approve a training program in personal technology devices for law enforcement officers of local government agencies, provides that the program shall train law enforcement officers to identify and investigate issues.

IL S 2651
Status: Enacted, Chap. 623
Amends the Election Code; requires each election authority to submit information on the voting equipment used within their jurisdiction; provides for cybersecurity efforts; provides for mail in ballots.

IL S 3068
Status: Failed - Adjourned
Appropriates funding from the General Revenue Fund to the State Board of Elections for grants to county clerks and boards of election commissioners for the funding of election cybersecurity infrastructure for the fiscal year beginning July 1, 2018.

IL S 3202
Status: Failed - Adjourned
Amends the Criminal Code of 2012, creates the offense of cyber extortion, provides that a person commits cyber extortion when he or she, with the intent to unlawfully extort money, property, or anything of value from another person, knowingly creates, places, or introduces without authorization into a computer, computer system, or computer network computer software that is designed to encrypt, lock, or otherwise restrict access or use in any way by an authorized user of the computer.

IL S 3203
Status: Failed - Adjourned
Amends the Criminal Code of 2012, creates the offense of cyber terrorism, provides that a person commits the offense when he or she with the intent to intimidate or coerce a civilian population, influence the policy of a unit of government by intimidation or coercion, or affect the conduct of a unit of government, commits any of the offenses defined in the computer crimes provisions of the Code.

IL S 3204
Status: Failed - Adjourned
Creates the Consumer Credit Reporting Agency Registration and Cybersecurity Program Act, provides for requirements for consumer credit reporting agency registration, contains provisions regarding grounds for revocation and suspension of a registration, provides that by January 1, 2019, a consumer credit reporting agency must have a cybersecurity program documented in writing and designed to protect the confidentiality, integrity and availability of its information systems.

Indiana

IN H 1112
Status: Failed--adjourned
Relates to cybersecurity; establishes the cyber civilian corps and the cyber civilian corps advisory board; requires the cyber civilian corps to provide rapid response assistance, upon request to an Indiana governmental, educational, nonprofit, or business organization, to a cybersecurity incident; places the cyber civilian corps program under the supervision of the Indiana management and performance hub.

IN S 362
Status: Enacted. Chap. 126
Relates to the regulation of new water and wastewater systems, provides that a water or wastewater utility that begins providing service to the public, after a specified date, is subject to the jurisdiction of the State Utility Regulatory Commission, provides for rates and charges, and other matters, for a specified period, beginning on the day on which the water or wastewater utility begins providing service to the public.

Kansas

KS H 2331
Status: Failed--adjourned.
Concerns information systems and communications, creates the representative Jim Morrison cybersecurity act, relates to digital information security for the executive branch agencies, establishes the information security office, establishes the cybersecurity state fund and cybersecurity state grant fund in the state treasury, creates the information technology enterprise, relates to consolidation and transfer of certain executive branch information technology staff, resources, functions and powers.

KS H 2359
Status: Failed--adjourned.
Makes and concerns appropriations for the fiscal years ending June 30, 2018, June 30, 2019, and June 30, 2020, for state agencies, authorizes certain transfers, capital improvement projects and fees, imposing certain restrictions and limitations, and directing or authorizing certain receipts, disbursements, procedures and acts incidental to the foregoing.

KS H 2365
Status: Failed--adjourned.
Makes appropriations for FY 2018 through FY 2024 for state agencies, authorizes and directs payment of certain claims against the state, authorizes certain transfers, capital improvement projects and fees, imposes certain restrictions and limitations, directs or authorizes certain receipts, disbursements, procedures and acts incidental to the foregoing.

KS H 2560
Status: Failed
Enacts the Kansas Cybersecurity Act.

KS H 2675
Status: Failed--adjourned.
Relates to interstate voter registration crosscheck program, relates to fee, relates to cybersecurity fund.

KS S 204
Status: Failed--adjourned.
Enacts the Kansas cybersecurity act.

KS S 342
Status: Failed--adjourned.
Enacts the Kansas cybersecurity act.

KS S 56
Status: Enacted, Chap. 97
Establishes the Cybersecurity Act, establishes the State Information Security Office, revises the membership of the Information Technology Executive Council.

Kentucky

KY H 200
Status: Enacted. Chap. 169
Relates to the State/Executive Branch Budget: Detail Part I, Operating Budget, appropriates money to General Government.

KY H 244
Status: Enacted. Chap. 78
Establishes the Division of Enterprise Portfolios within the newly established Office of IT Architecture and Governance, establishes the Offices of Project Management, IT Services and Delivery, IT Architecture and Governance, the Chief Information Security Officer, KY Business One Stop, abolishes the Offices of Enterprise Technology, Infrastructure Services, Application Development, Chief Information Officer, and Information Technology Service Management.

Louisiana

LA H 601
Status: Enacted, Chap. 712
Revises provisions relating to election officials; prohibits the disclosure of specified information by the Registrar of Voters, Clerk of Court, and Department of State relating to the security and integrity of the state voter registration computer system, the election management system, and voting equipment.

Massachusetts

MA H 1985
Status: Failed - Adjourned
Protects the privacy and security of biometric information.

MA H 2668
Status: Failed - Adjourned
Relates to legislation to provide procurement preference to vendors that carry cybersecurity insurance.

MA H 2813
Status: Failed - Adjourned
Relates to the security of personal financial information.

MA H 2814
Status: Failed - Adjourned
Relates to amending certain statutes pertaining to data security breaches and calling for an investigation by a special commission on cybersecurity to assess the various threats across the Commonwealth.

MA H 3365
Status: Failed - Adjourned
Establishes a task force to study the need for increased cyber security within government agencies.

MA H 4702
Status: Failed - Adjourned
Provides funding for the Massachusetts Cybersecurity Innovation Fund.

MA H 4714
Status: Failed - Adjourned
Provides funding for the Massachusetts Cybersecurity Innovation Fund.

MA S 149
Status: Failed - Adjourned
Relates to the security of personal financial information.

MA S 2060
Status: Failed - Adjourned
Relates to forming a special senate committee to review and make recommendations for the state to improve its cyber security readiness, enhance technological responses to homeland security and public safety threats, and further protect financial, medical and other sensitive information.

MA S 2076
Status: Failed - Adjourned
Makes appropriations for the Fiscal Year 2018 for the maintenance of the departments, boards, commissions, institutions, and certain activities of the Commonwealth, for interest, sinking fund, and serial bond requirements, and for certain permanent improvements.

MA S 2091
Status: Failed - Adjourned
Submits the majority report on the Governor's Reorganization Plan Number 2 of 2017, an act to reorganize the information technology function of the Commonwealth and to improve data security, safeguard privacy, and promote better service delivery.

MA S 2622
Status: Failed - Adjourned
Provides funding for the Massachusetts Cybersecurity Innovation Fund.

MA S 2656
Status: Failed - Adjourned
Submits a report of the Special Senate Committee on Cyber Security Readiness with its finding and recommendations.

Maryland

MD H 364
Status: Failed - Adjourned
Allows a subtraction modification under the State income tax for certain capital gain income realized on the disposition of an investment in a certain cybersecurity company, authorizes certain Buyers of certain technology to claim a credit against the State income tax equal to 50% of certain costs incurred to purchase certain technology, requires the Secretary of Commerce to approve certain applications for the credits.

MD H 456
Status: Failed
Adds certain offenses involving computers to the list of offenses on which a charge of murder in the first degree can be based, prohibits the creation of or unauthorized introduction into a computer, computer system, or computer network software designed to inhibit access or use by an authorized user of a computer, computer system, or computer network for the purpose of extorting money, property, or anything of value from another, establishes a certain penalty, applies the Act prospectively.

MD H 767
Status: Failed-adjourned
Requires the State Board of Elections to conduct an annual audit of certain voter registration infrastructure to identify any security vulnerabilities; requires the State Board to mitigate any security vulnerabilities identified in the audit; requires the State Board to upgrade or replace certain voter registration infrastructure at certain times; prohibits a voting machine from being used in an election if more than 10 years have elapsed after the date the voting machine was manufactured.

MD H 1331
Status: Enacted, Chap. 524
Requires the State Administrator of Elections to submit a report to the Department of Information 11 Technology within a specified period of time after becoming aware of a security violation involving an election system, requires certain information to appropriate persons and the State Administrator be forwarded within a certain period of time after receiving a report submitted by the State Board, authorizes the Secretary of Information Technology to require that certain information remain confidential.

MD H 1819
Status: Enacted, Chap. 566
Establishes the Cyber Warrior Diversity Program at Baltimore City Community College, Bowie State University, Coppin State University, Morgan State University, and the University of Maryland Eastern Shore, requires certain institutions of higher education to jointly hold a National Cyber Warrior Diversity Conference.

MD H 695
Status: Enacted. Chap. 304
Authorizes a public body to meet in a closed session to discuss cybersecurity, if the public body determines that public discussion would constitute certain risks.

MD H 874
Status: Enacted. Chap. 281
Requires the Executive Director of the Department of Legislative Services to ensure that the responsibilities of the Department are carried out, alters those offices that comprise the Department, alters certain duties of the Department to review certain reporting requirements, establishes the Office of Operations and Support Services to supervise certain support services to the General Assembly, provides that the Office of Policy Analysis is not required to prepare an analysis of certain enabling acts.

MD H 1331
Status: Enacted, Chap. 524
Requires the State Administrator of Elections to submit a report to the Department of Information 11 Technology within a specified period of time after becoming aware of a security violation involving an election system; requires certain information to appropriate persons and the State Administrator be forwarded within a certain period of time after receiving a report submitted by the State Board; authorizes the Secretary of Information Technology to require that certain information remain confidential.

MD S 204
Status: Enacted, Chap. 415
Establishes the Cybersecurity Public Service Scholarship Program, specifies the purpose of the Program, requires the Office of Student Financial Assistance in the Maryland Higher Education Commission to administer the Program, specifies certain eligibility requirements for an applicant to the Program, authorizes a certain scholarship award to be used at any eligible institution to pay for certain education expenses, requires a scholarship recipient to maintain a certain grade point average.

MD S 228
Status: Enacted, Chap. 578
Alters the definition of investment to include certain types of debt, authorizes buyers of certain technology to claim a credit against state income tax for purchase costs, authorizes qualified buyers to apply for the credit, requires a qualified buyer to attach a certain certificate to their income tax return, provides for the revocation and recapture of a credit under certain circumstances, makes a cybersecurity incentive tax credit subject to certain evaluations.

MD S 281
Status: Enacted. Chap. 151
Alters the membership of the State Cybersecurity Council to include the State Administrator of Elections.

MD S 310
Status: Failed - Adjourned
Allows a subtraction modification under the State income tax for certain capital gain income realized on the disposition of an investment in a certain cybersecurity company, authorizes certain Buyers of certain technology to claim a credit against the State income tax equal to 50% of certain costs incurred to purchase certain technology, requires the Secretary of Commerce to approve certain applications for the credits, applies the Act to taxable years beginning after December 31, 2017.

MD S 376
Status: Failed
Adds certain offenses involving computers to the list of offenses on which a charge of murder in the first degree can be based, prohibits the creation of or unauthorized introduction into a computer, computer system, or computer network software designed to inhibit access or use by an authorized user of a computer, computer system, or computer network for the purpose of extorting money, property, or anything of value from another, establishes a certain penalty, applies the Act prospectively.

MD S 882
Status: Failed - Adjourned
Requires a unit to require a certain bidder or offeror to submit a certain certification or application before the unit is authorized to award a procurement contract for a certain Internet-connected device, requires a certain bidder or offeror to certify certain information regarding a certain security vulnerability of a certain Internet-connected device, authorizes a certain bidder or offeror to submit a certain application for a waiver from certain certification requirements.

MD S 892
Status: Failed - Adjourned
Requires the Executive Director of the Department of Legislative Services to ensure that the responsibilities of the offices of the Department are carried out, alters the offices that comprise the Department, alters certain duties of the Department to review certain reporting requirements, establishes the Office of Operations and Support Services in the Department, provides that the Office of Policy Analysis is not required to prepare an analysis of certain enabling acts under certain circumstances.

Michigan

MI H 4368
Status: Failed - Adjourned
Provides for omnibus budget bill.

MI H 4369
Status: Failed - Adjourned
Provides for omnibus appropriations for school aid, higher education and community colleges.

MI H 4697
Status: Failed - Adjourned
Expands definition of disaster to include a cybersecurity incident.

MI H 4973
Status: Enacted. Chap. 68
Exempts public body records, documents, or information disclosable under freedom of information act.

MI H 5128
Status: Failed - Adjourned
Allows for recovery of certain prosecution costs in crimes using computers or internet.

MI H 5257
Status: Enacted, Chap. 95
Provides penalties for unauthorized possession or use of ransomware.

MI H 5258
Status: Enacted, Chap. 96
Provides sentencing guidelines for ransomware offenses.

MI H 6491
Status: Enacted, Chap. 690
Enacts the Insurance Data Security Model law; establishes the exclusive standards, for this state, applicable to licensees for data security, the investigation of a cybersecurity event, and notification to the director. 

MI S 149
Status: Enacted, Chap. 586
Relates for the school aid appropriations budget, provides the sum of the final audited count from the supplemental count day of pupils in grades K to 12 actually enrolled and in regular daily attendance in the community district for the immediately preceding school year plus the final audited count from the supplemental count day of pupils in grades K to 12 actually enrolled and in regular daily attendance in the education achievement system for the immediately preceding school year.

MI S 217
Status: Failed - Adjourned
Provides omnibus appropriations or school aid, higher education and community colleges.

MI S 218
Status: Failed - Adjourned
Provides omnibus executive recommendation bill.

MI S 632
Status: Failed - Adjourned
Adds section to the Management and Budget Act to create a Cybersecurity Council and outlines council membership and duties.

MI S 941
Status: Enacted, Chap. 227
Enacts appropriations in School Aid Fund for the Marshall Plan for Talent.

Minnesota

MN H 691
Status: Failed--adjourned.
Relates to state government, requires monthly reports related to the employee gainsharing system, appropriates money for the legislature, governor's office, state auditor, attorney general, secretary of state, certain agencies, boards, councils, retirement funds, military affairs, and veterans affairs, cancels and reduces of certain appropriations, requires a base budget report, establishing districting principles, establishes the Legislative Budget Office.

MN H 1080
Status: Failed--adjourned.
Relates to state government, changes provisions governing state government operations and military veterans policy, appropriates money.

MN H 1896
Status: Failed--adjourned.
Relates to state government, establishes a Legislative Commission on Cyber Security, provides legislative appointments.

MN H 2298
Status: Failed--adjourned.
Relates to state government, establishes a Legislative Commission to Review Consolidation of the State's Information Technology, requires a report.

MN H 2868
Status: Failed--adjourned.
Relates to state government, requires state agencies to dedicate a portion of their information technology expenditures to cyber security enhancements.

MN H 2958
Status: Failed--adjourned.
Relates to education finance; increases districts' safe schools levy authority; authorizes school districts to use safe schools levy proceeds to enhance cybersecurity.

MN H 3126
Status: Failed--adjourned.
Relates to state government, creates technology and cyber security fund.

MN H 3365
Status: Failed--adjourned.
Relates to education finance; increases the safe schools levy; authorizes the safe schools levy to be spent on cyber security activities; links the portion of the levy available for intermediate school districts to the school district per pupil allowance.

MN H 3639
Status: Failed--adjourned.
Relates to higher education; appropriates money to the Board of Trustees of the Minnesota State Colleges and Universities to fund cyber security programs at Metropolitan State University.

MN H 3447
Status: Failed--adjourned.
Relates to state government, requires certain information and telecommunications technology projects to be developed and completed by contract, establishes regulation relating to information technology and cyber security, revises evaluation procedures, requires a field test prior to a full release or deployment of an information and telecommunications project.

MN H 3638
Status: Failed--adjourned.
Relates to higher education, provides for the financing of higher education programs, modifies certain higher education policy provisions, clarifies changes to loan forgiveness and research grant programs, modifies the regent candidate selection process.

MN H 3644
Status: Failed--adjourned.
Relates to capital investment, appropriates money for a cybersecurity operations center at Metro State University, authorizes the sale and issuance of state bonds.

MN H 3791
Status: Failed--adjourned.
Relates to elections, permits eligible individuals who are at least 17 years of age to preregister to vote, provides for automatic voter registration of applicants for a driver's license, instruction permit, or state identification card, requires the secretary of state to provide election security training, appropriates money for the purposes of providing grants for the purchase or lease of electronic rosters, appropriates money for necessary upgrades to the statewide voter registration system.

MN H 4016
Status: Failed--adjourned.
Relates to state government, appropriates money for certain agencies and reduces appropriations for certain agencies, approves transfers of money from certain accounts, requires enhanced cyber security, establishes principles for districting, establishes the Legislative Budget Office Oversight Commission, establishes provisions for the Legislative Budget Office.

MN H 4099
Status: Failed
Relates to state government, makes policy and technical changes to various agriculture-related provisions including provisions related to agriculture finance, establishes a rural energy feasibility loan program, requires approval of certain proposed rules, authorizes the sale of certain bonds, modifies environmental, natural resource, and game and fish provisions, modifies Water Law, modifies Clean Water Legacy Act, modifies solid waste provisions, requires fencing for abandoned mines.

MN H 4328
Status: Failed--adjourned.
Relates to education, provides for the financing of early childhood through higher education, includes general education, relates to student and school safety, relates to education excellence, teachers, special education, facilities, technology, and libraries, concerns nutrition.

MN H 4385
Status: Vetoed
Relates to taxation, makes changes to conform with certain federal tax law changes, adopts federal adjusted gross income as the starting point for calculating individual income tax, makes policy and technical changes to various tax related provisions relating to the individual income tax, corporate franchise tax, estate tax, sales and use tax, gross revenues tax, gross receipts tax, property tax, partnership tax, tobacco tax, minerals tax, and other miscellaneous tax provisions.

MN H 4420
Status: Failed--adjourned.
Relates to state government, makes supplemental appropriations for certain state agencies, changes allocation of rent collected on lease of certain state building spaces, changes provisions governing human burials, remains, and cemeteries.

MN S 798
Status: Failed--adjourned
Relates to state government; changes provisions governing state government operations and military veterans policy; appropriates money.

MN S 1251
Status: Failed--adjourned.
Relates to state government, establishes a Legislative Commission on Cyber Security, provides legislative appointments.

MN S 1709
Status: Failed--adjourned.
Relates to state government, establishes a Legislative Commission to Review Consolidation of the State's Information Technology, requires a report.

MN S 2507
Status: Failed--Adjourned.
Relates to education finance; increases districts' safe schools levy authority; authorizes school districts to use safe schools levy proceeds to enhance cybersecurity.

MN S 3020
Status: Failed--Adjourned.
Relates to education finance; increases the safe schools levy; authorizes the safe schools levy to be spent on cyber security activities; links the portion of the levy available for intermediate school districts to the school district per pupil allowance.

MN S 3374
Status: Failed--adjourned.
Relates to elections, permits eligible individuals who are at least 17 years of age to preregister to vote, provides for automatic voter registration of applicants for a driver's license, instruction permit, or state identification card, requires the secretary of state to provide election security training, appropriates money for the purposes of providing grants for the purchase or lease of electronic rosters, appropriates money for necessary upgrades to the statewide voter registration system.

MN S 3648
Status: Failed--adjourned.
Relates to capital investment, appropriates money for a cybersecurity operations center at Metro State University, authorizes the sale and issuance of state bonds.

MN S 3656
Status: Vetoed
Appropriates money for agriculture, rural development, housing, state government, public safety, transportation, environment, natural resources, energy, jobs, economic development, higher education, education, health, and human services, establishes the Legislative Budget Office Oversight Commission.

MN S 3764
Status: Failed--adjourned.
Relates to state government, specifies conditions of legislative ratification of proposed collective bargaining agreements, requires proposed changes to state employee group insurance to be submitted separately to the Legislative Coordinating Commission, requires certain information about collective bargaining agreements and compensation plans be submitted to the Legislative Coordinating Commission.

MN S 3930
Status: Failed--adjourned.
Relates to higher education, appropriates money to the Board of Trustees of the Minnesota State Colleges and Universities to fund cyber security programs at Metropolitan State University.

MN S 4002
Status: Failed--adjourned.
Relates to state government, makes supplemental appropriations for certain state agencies, changes allocation of rent collected on lease of certain state building spaces, changes provisions governing human burials, remains, and cemeteries.

Missouri

MO H 1355
Status: Enacted.
Establishes a joint committee of the general assembly, which shall be known as the "Joint Committee on Disaster Preparedness and Awareness"; requires the committee to make a continuous study and investigation into issues relating to disaster preparedness and awareness including, natural and man-made disasters, state and local preparedness for floods, state and local preparedness for tornadoes, blizzards, and other severe storms, food and energy resiliency and cyber-security.

MO H 1998
Status: Failed--adjourned.
Creates guidelines for reviewing the comprehensive state energy plan.

MO H 2265
Status: Failed--adjourned.
Modifies provisions for public utilities.

Mississippi

MS H 1147
Status: Failed
Exempts certain information technology records from the State Public Records Act, conforms to the provisions of this act, relates to public records, for the purposes of amendment.

MS S 2698
Status: Failed
Exempts from the public records act certain information technology related information that, if disclosed, could allow unauthorized access to the state's it assets.

Nebraska

NE L 247
Status: Failed
Provides for school district levy and bonding authority for cybersecurity.

NE L 757
Status: Enacted
Revises provisions of the Credit Report Protection Act and the Financial Data Protection and Consumer Notification of Data Security Breach Act, requires substantially similar types of a security product that provides the same level of protection to a consumer's credit report as that provided under the Credit Report Protection Act, prohibits an agency using a similar type of security product from charging a fee to a consumer, requires maintenance of reasonable security procedures and practices.

New Hampshire

NH H 1335
Status: Enacted. Chap. 63
Prohibits state agencies from using software developed by Kaspersky Labs.

New Jersey

NJ A 1766
Status: Pending
Requires certain persons and business entities to maintain comprehensive information security program.

NJ A 3542
Status: Pending
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.

NJ A 3546
Status: Pending
Directs Rutgers Discovery Informatics Institute, the Office of Information Technology, and Big Data Alliance to develop an advanced cyber infrastructure strategic plan; appropriates funds.

NJ A 3922
Status: Pending
Requires state employees to review best cybersecurity practices.

NJ A 3983
Status: Pending
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.

NJ AJR 54
Status: Pending
Designates October of each year as Cyber Security Awareness Month.

NJ AJR 86
Status: Pending
Urges Secretary of State to assure Legislature and public that State's electoral system is protected from foreign computer hackers.

NJ S 998
Status: Pending
Requires Economic Development Authority (EDA) to establish program offering low-interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure.

NJ S 2692
Status: Pending
Requires certain persons and business entities to maintain a comprehensive information security program.

NJ SJR 22
Status: Pending
Urges the Secretary of State to assure the Legislature and the public that the state's electoral system is protected from foreign computer hackers.

New Mexico

NM S 244
Status: Failed-adjourned
Urges the Secretary of State to assure the Legislature and the public that the state's electoral system is protected from foreign computer hackers.

New York

NY A 2765
Status: Failed - Adjourned
Amends the Penal Law, relates to creating the crime of cyber terrorism and calculating damages caused by computer tampering, provides that cyber terrorism shall be a class B felony.

NY A 3311
Status: Failed - Adjourned
Relates to cyber terrorism in the first and second degree.

NY A 3448
Status: Failed - Adjourned
Requires the formation of a cyber security advisory board and the implementation of a cyber security initiative.

NY A 3451
Status: Failed - Adjourned
Requires a comprehensive review of all cyber security services to be performed every five years.

NY A 4422
Status: Failed - Adjourned
Amends the Banking Law, requires lending institutions to supply customers with PINs to be used in conjunction with any chip-embedded credit card.

NY A 5496
Status: Failed - Adjourned
Relates to cyber crimes and identity theft, increases penalties for certain acts involving use of personal information, fraud, tampering, theft and use of a computer to commit crimes.

NY A 7480
Status: Failed - Adjourned
Enacts the New York Grid Modernization Act to address the aging infrastructure, establishes the grid modernization program, defines terms, creates the smart grid advisory council, makes related changes.

NY A 7781
Status: Failed - Adjourned
Amends the Tax Law, relates to a business tax credit for the purchase of data breach insurance.

NY A 7916
Status: Failed - Adjourned
Establishes the ethical standards for state agency contractors act.

NY A 7997
Status: Failed - Adjourned
Amends the General Business Law, relates to the protection of personal information by businesses.

NY A 8501
Status: Failed - Adjourned
Directs the Division of Homeland Security and Emergency Services to work with other experts who maintain experience and knowledge in the area of cyber security to develop a cyber security action plan for the state, provides for the establishment of cyber security defense units, cyber incident response teams, and cyber education and attack prevention, provides reporting requirements, reimbursement for costs of service, and timing of the cyber security action plan.

NY A 8641
Status: Failed - Adjourned
Establishes the computer security act, addressing the widespread problem of spyware, makes it illegal for third parties to knowingly and deceptively cause computer software to be copied on to personal computers that changes the computer users settings without permission, prevents users from resetting computers to the original preferences or removing third party software, secretly collects information about internet searches, disables the computer's security software or causes related disruptive activities.

NY A 8674
Status: Failed - Adjourned
Amends the Tax Law, relates to offering a tax credit to employers who pay for their employees to acquire an associate of applied science in computer security from a SUNY or CUNY school.

NY A 9013
Status: Failed - Adjourned
Establishes a commission to study cyber security in the state.

NY A 9780
Status: Failed - Adjourned
Enacts the Personal Information Protection Act, establishes a personal information bill of rights requiring parties having custody of residents' personal identifying information to ensure the security thereof, provides for the approval of programs to secure personal identifying information by the office of information security, requires the notification of the division of state police and the subjects of information upon the breach of such information.

NY A 9843
Status: Failed - Adjourned
Amends the penal law, relates to establishing the offenses of phishing in the third degree, phishing in the second degree and phishing in the first degree, amends the criminal procedure law, relates to the time in which a prosecution of such offenses must be commenced.

NY A 10486
Status: Vetoed by Governor.
Amends the Insurance Law; clarifies that continuing care retirement communities are not subject to department of financial services cybersecurity regulation.

NY S 924
Status: Failed - adjourned
Requires the formation of a cyber security advisory board and the implementation of a cyber security initiative.

NY S 926
Status: Failed - adjourned
Requires a comprehensive review of all cyber security services to be performed every five years., requires a detailed assessment of each and every cyber security need of the State, including but not limited to, its state agencies and its public authorities.

NY S 953
Status: Failed - adjourned
Relates to cyber terrorism in the first and second degree.

NY S 1563
Status: Failed - adjourned
Relates to offenses involving theft of identity and computer tampering.

NY S 2004
Status: Failed - adjourned
Makes appropriations for the support of government, relates to the Capital Projects Budget.

NY S 2406
Status: Failed - adjourned
Relates to cyber crimes and identity theft, repeals certain provisions of the penal law relating to scheme to defraud, includes property that is personal identifying information in in the crime of grand larceny, provides for computer tampering, and denial of service attack on a computer, computer service, program or network, defines the crime of scheming to defraud, provides for the crime of identity theft.

NY S 3654
Status: Failed - adjourned
Relates to offenses involving thefts of identity.

NY S 4615
Status: Failed - adjourneding
Amends the Tax Law, relates to a business tax credit for purchase of data breach insurance, states, a taxpayer that is a business or owner of a business shall be allowed a credit against the tax imposed by this article equal to twenty-five percent of the premium paid during the taxable year for qualified data breach insurance.

NY S 4719
Status: Failed - adjourned
Amends the Insurance Law, promotes competitive property and casualty insurance markets for business to business insurance transactions.

NY S 5946
Status: Failed - adjourned
Directs the commissioner of the division of homeland security and emergency services to work with other experts who maintain experience and knowledge in the area of cyber security to develop a cyber security action plan for New York state, relates to cyber education and attack prevention.

NY S 6933
Status: Failed - adjourned
Amends the Stop Hacks and Improve Electronic Data Security, or SHIELDS, Act; relates to notification of a security breach; expands the definition of private information to include certain account numbers, biometric information, user names and email addresses, and unsecured protected health information; provides for reasonable security requirements.

NY S 7555
Status: Failed - adjourned
Enacts the "personal information protection act", establishes a personal information bill of rights requiring parties having custody of resident's personal identifying information to ensure the security thereof, provides for the approval of programs to secure personal identifying information by the office of information security.

NY S 7599
Status: Failed - adjourned
Relates to offering cyber security instruction in certain computer courses.

NY S 7726
Status: Failed - adjourned
Establishes a commission to study the European Union's general protection data regulation and the current state of cyber security in the state.

NY S 7940
Status: Failed - adjourned
Amends the Insurance Law; clarifies that continuing care retirement communities are not subject to the Department of Financial Service's cybersecurity regulations; authorizes such organizations to self certify a cybersecurity policy.

NY S 8138
Status: Failed - adjourned
Establishes the offenses of phishing in the third degree, phishing in the second degree and phishing in the first degree, relates to the time in which prosecution of such offenses must be commenced.

Ohio

OH H 466
Status: Failed - adjourned
Establishes a Director of Elections Cybersecurity and an Elections Cybersecurity Council to advise the Secretary of State on securing Ohio's elections and preventing future threat

OH H 747
Status: Failed - adjourned
Creates the civilian cyber security reserve forces; makes an appropriation.

OH S 220
Status: Enacted, Chap. 104
Enacts certain provisions of the Revised Code relating to safe harbor, provides a legal safe harbor to covered entities that implement a specified cybersecurity program.

OH S 273
Status: Enacted, Chap. 134
Clarifies the definition of an insurance rating agency; requires each licensee to develop, implement, and maintain a comprehensive written information security program based on the licensee's risk assessment; relates to a domestic surplus lines insurer.

OH S 327
Status: Failed - adjourned
Creates the civilian cyber security reserve forces; makes an appropriation.

Pennsylvania

PA H 32
Status: Failed - adjourned
Amends the act of April 9, 1929 (P.L.177, No.175), known as The Administrative Code of 1929, in organization of departmental administrative boards and commissions and of advisory boards and commissions, provides for Cybersecurity Innovation and Excellence Commission.

PA H 1704
Status: Failed - adjourned
Amends Title 71 of the Pennsylvania Consolidated Statutes, providing for information technology, establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures, provides for the Legislative Cybersecurity Oversight Committee, imposes penalties.

PA S 308
Status: Failed - adjourned
Amends the Breach of Personal Information Notification Act, provides for title of act, for definitions and for notification of breach, prohibits employees of the state from using non secured Internet connections, provides for a policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996.

PA S 427
Status: Failed - adjourned
Amends Vehicles of the Pennsylvania Consolidated Statutes, in operation of vehicles, provides for highly automated vehicles and platooning testing.

PA S 914
Status: Failed - adjourned
Amends Title 71 of the Pennsylvania Consolidated Statutes, provides for information technology, establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the Legislative Cybersecurity Oversight Committee, imposes penalties.

Rhode Island

RI H 5543
Status: Failed - adjourned
Prohibits unauthorized access to confidential information from a computer, computer program, computer system, or computer network with the intent to either view, obtain, copy, or download any confidential information, establishes that violations would be a felony.

RI H 5954
Status: Failed - adjourned
Would require all state, municipal and quasi-public departments to protect information contained in their computer systems by complying with the criteria set forth in a publication (800-171) put out by the US Department of Commerce's National Institute of Standards and Technology (NIST). It gives the departments 18 months after passage of the act to comply. Also in furtherance of this end, the act would exempt all discussion and activity from the open meetings law. This act would take effect upon passage.

RI H 7817
Status: Failed - adjourned
Would require all state, municipal, and quasi-public departments to protect information contained in their computer systems by complying with the criteria set forth in a publication (800-171) by the US Department of Commerce's National Institute of Standards and Technology (NIST). The departments would have eighteen (18) months after passage of the act to comply. Further, the act would exempt all discussion and activity from the open meetings law. This act would take effect upon passage.

South Carolina

SC H 3427
Status: Failed - adjourned
Enacts the Computer Science Education Initiative, provides that public high schools and charter high schools shall offer certain computer science coursework, requires the state Board of Education to adopt and ensure implementation of grade-appropriate standards for computer science and computational thinking for public school students in kindergarten through twelfth grade, Provides for the office of the governor to establish criteria and processes for science, technology, engineering and math regions.

SC H 4655
Status: Enacted, Act 171
Enacts the State Insurance Data Security Act; requires a licensee to develop, implement and maintain a comprehensive information security program based on the licensee's risk assessment and to establish certain requirements for the security program; provides minimum requirements for a licensee's Board of Directors, if applicable; requires a licensee to monitor the security program and make adjustments if necessary; provides that the licensee must establish an incident response plan; relates to reports.

SC H 4950
Status: Enacted
Makes appropriations. Requires all state agencies to adopt and implement cyber security policies, guidelines and standards developed by the Department of Administration. The department may conduct audits on state agencies except public institutions of higher learning, technical colleges, political subdivisions, and quasi-governmental bodies as necessary to monitor compliance with established cyber security policies, guidelines and standards. 

SC S 856
Status: Failed
Enacts the State Insurance Data Security Act; requires a licensee to develop, implement and maintain a comprehensive information security program based on the licensee's risk assessment and to establish certain requirements for the security program; provides minimum requirements for a licensee's Board of Directors, if applicable; requires a licensee to monitor the security program and make adjustments if necessary; provides that the licensee must establish an incident response plan; relates to reports.

Tennessee

TN H 1519
Status: Failed – Adjourned
Relates to Election Laws; requires the coordinator of elections to engage a cybersecurity firm to perform a study of the voter data system in this state and produce a report that details the risk to voter data posed by hacking.

TN S 1681
Status: Failed – Adjourned
Relates to Election Laws; requires the coordinator of elections to engage a cybersecurity firm to perform a study of the voter data system in this state and produce a report that details the risk to voter data posed by hacking.

Utah

UT H 174
Status: Enacted. Chap. 125
Changes the composition of the Utah Digital Health Service Commission; increases the number of members on the commission; creates an additional category for representation; increase the number of members required for a quorum; adds information security to the duties and responsibilities.

UT S 242
Status: Enacted. Chap. 444
Amends provisions relating to cybercrime.

Virginia

VA H 258
Status: Failed - Adjourned
Relates to computer trespass, relates to penalty, expands the crime of computer trespass to provide that the prohibited actions that constitute computer trespass are criminalized if done through intentionally deceptive means and without authority, specifies that a computer user is not required to be given notice of the activities of a computer hardware or software provider, an interactive computer service, or a telecommunications or cable operator that are required or authorized by law.

VA H 279
Status: Failed - Adjourned
Relates to RICO Act, relates to computer crimes, relates to penalty, adds certain felony offenses contained in the Virginia Computer Crimes Act as qualifying offenses under the Virginia Racketeer Influenced and Corrupt Organization (RICO) Act, provides that such crimes include computer fraud, transmission of unsolicited commercial electronic mail, computer trespass, computer invasion of privacy, using a computer to gather identifying information, and theft of computer services.

VA H 685
Status: Failed
Relates to Cybersecurity Student Loan Repayment Grant Program established, relates to report, establishes the Cybersecurity Student Loan Repayment Grant Program, to be administered by the State Council of Higher Education for Virginia, whereby renewable grants of matching state and employer funds are provided on a competitive basis to an individual who either graduated within the past year from a public institution of higher education or nonprofit private institution of higher education.

VA H 727 
StatusEnacted. Chap. 52
Relates to Freedom of Information Act, relates to exclusion of records relating to public safety, clarifies the exclusion from mandatory disclosure of information relating to a safety program plan pursuant to Federal Transit Administration regulations, makes a nonsubstantive correction.

VA H 1221 
Status: Enacted. Chap. 775
Relates to Virginia Information Technologies Agency, relates to additional duties of the Chief Information Officer, relates to cybersecurity review, requires the CIO of the Information Technologies Agency to conduct an annual comprehensive review of cybersecurity policies of every executive branch agency, with a particular focus on breaches in information technology that occurred in the reviewable year and any steps taken by agencies to strengthen cybersecurity measures.

VA H 1317
Status: Failed - Adjourned
Relates to administrative subpoena for electronic communication service or remote computing service records, relates to certain offenses, adds various computer crimes to the list of crimes for which attorneys for the Commonwealth have the authority to issue administrative subpoenas to obtain records and other information from electronic communication service and remote computing service providers if relevant to a legitimate law-enforcement investigation.

VA H 5002 a
Status: Enacted. Chap. 2
Relates to Budget Bill, appropriations of the Budget submitted by the Governor of Virginia in accordance with the provisions of Section 2.2-1509, Code of Virginia, and to provide a portion of revenues for the two years ending respectively on the thirtieth day of June, 2019, and the thirtieth day of June, 2020.

VA S 533
Status: Failed - Adjourned
Relates to computer trespass, relates to penalty, expands the crime of computer trespass to provide that the prohibited actions that constitute computer trespass are criminalized if done through intentionally deceptive means and without authority and specifies that a computer hardware or software provider, an interactive computer service, or a telecommunications or cable operator does not have to provide notice of its activities to a computer user that a reasonable computer user should expect may occur.

VA S 657
Status: Enacted. Chap. 741
Relates to the Freedom of Information Act, relates to exclusion of records relating to public safety, excludes from mandatory disclosure under the Freedom of Information Act information held by the State Commercial Space Flight Authority, provides for information that is categorized as classified, or sensitive but unclassified, including national security, defense, and foreign policy information.

VA S 776
Status: Failed
Relates to administrative subpoena for electronic communication service or remote computing service records, relates to certain offenses, adds various computer crimes to the list of crimes for which attorneys for the Commonwealth have the authority to issue administrative subpoenas to obtain records and other information from electronic communication service and remote computing service providers if relevant to a legitimate law-enforcement investigation.

VA S 966
Status: Enacted. Chap. 296
Relates to electric utility regulation, provides for grid modernization and energy efficiency programs, provides for rate review proceedings and transitional rate periods, provides for energy storage facilities, relates to electric distribution grid transformation projects, and wind and solar generation facilities, relates to coal combustion by product management, relates to undergrounding electrical transmission lines, relates to fuel factor.

Vermont

VT H 474
Status: Failed--adjourned.
Relates to cybercrime.

VT H.B. 764
Status: Enacted. Chap. 171
Relates to data brokers and consumer protection.

VT H 16a
Status: Enacted. Chap. 11
Makes appropriations for the support of government, cybersecurity, financial education, and vital records; provides for the Workforce Education and Training Fund; provides for the One Time Clean Energy Development Fund; provides for Medicaid programs; provides for education funding; provides funding for social services programs; provides for certain taxation

Washington

WA H 1233
Status: Failed - Adjourned
Enables electric utilities to prepare for the distributed energy future, ensures that procurement decisions are based on current cost and performance data for distributed energy resources, states that a utility should procure the distributed energy resource needs identified in any distributed energy resources plan through a process that is price-based and technology neutral.

WA H 1418
Status: Failed - Adjourned
Establishes a blue ribbon panel on cybersecurity.

WA H 1419
Status: Failed - Adjourned
Grants the governor authority to proclaim a state of emergency in the event of a substantial cybersecurity incident.

WA H 1421
Status: Failed - Adjourned
Concerns the removal of payment credentials and other sensitive data from state data networks, excludes account information required for making outgoing payments, distributions, and transfers.

WA H 1472
Status: Failed - Adjourned
Criminalizes damaging, destroying, tampering, or removing ballot return boxes or contents.

WA H 1479
Status: Failed - Adjourned
Concerns encryption of data on state information technology systems.

WA H 1697
Status: Failed - Adjourned
Addresses the cybersecurity and information technology professional shortage by requiring a study of incentive methods for attracting high-demand talent in information technology and cybersecurity to state agencies.

WA H 1830
Status: Failed - Adjourned
Creates the cybersecurity conditional loan program.

WA H 1929
Status: Failed - Adjourned
Concerns independent security testing of state agencies' information technology systems and infrastructure by the military department.

WA H 2086
Status: Failed - Adjourned
Establishes a task force to address state interagency coordination in cybersecurity.

WA H 2172
Status: Failed - Adjourned
Concerns independent security testing of state agencies' information technology systems and infrastructure by the military department.

WA H 2299
Status: Failed - Adjourned
Makes supplemental operating appropriations, relates to the general fund.

WA H 2388
Status: Failed - Adjourned
Concerns the security of voting systems in elections.

WA H 2406
Status: Enacted. Chap. 218
Concerns election security practices around auditing and equipment, adds options to the auditing process for local elections administrators, concerns maximizing the security benefits of having locally run, decentralized counting systems.

WA H 2678
Status: Failed - Adjourned
Modifies cybercrime provisions.

WA H 2999
Status: Failed – Adjourned
Concerns security breaches of election systems or election data. Requires the secretary of state to submit a report to the governor, lieutenant governor, state chief information security officer, attorney general, a designated county auditor representative or other designated local election official, and the chairs and ranking members of the appropriate legislative committees from the senate and house of representatives that includes information on any instances of security breaches identified under subsection (1) of this section, and options to increase the security of the election systems and election data, and prevent future security breaches.

WA S 5048
Status: Failed - Adjourned
Makes fiscal biennium operating appropriations, provides for the appropriation and authorization to be incurred for salaries, wages, and other expenses of the agencies and offices of the state and for other specified purposes for the fiscal biennium.

WA S 5455
Status: Failed - Adjourned
Concerns statewide cybersecurity performance.

WA S 6032
Status: Enacted. Chap. 299
Makes supplemental operating appropriations, relates to the general fund.

WA S 6202
Status: Failed - Adjourned
Concerns election security practices around auditing and equipment.

West Virginia

WV H 4342
Status: Failed - Adjourned
Relates to commercial insurance rates.

WV S 495
Status: Enacted. Chap. 128
Relates to commercial insurance rates, designates cybersecurity insurance coverage as exempt from the requirements of filing rates with the insurance commissioner.

Wyoming

WY H 1
Status: Enacted. Chap. 134
Makes appropriations for the fiscal biennium commencing July 1, 2018 and ending June 30, 2020, provides definitions, provides for appropriations and transfers of funds for the period of the budget and for the remainder of the current biennium as specified, provides for carryover of certain funds beyond the biennium as specified, provides for employee positions as specified.

District of Columbia

DC B 782
Status: Failed – Adjourned
(Permanent Law) Creates a program under which volunteers may provide services to District government agencies and offices to respond to cybersecurity incidents, to provide for protection from liability for personal injury and property damage, and to create the District of Columbia Cyber Civilian Collective and prescribe its powers and duties.

DC B 783
Status: Failed – Adjourned
(Permanent Law) Amends Chapter 46 of Title 47 to establish a $1,000 tax credit to create incentives for certified business enterprises and certified small business enterprises to purchase qualified data breach insurance, to require the Council to reauthorize the use of this tax incentive annually, and to require the Chief Financial Officer to establish rules and regulations to implement this act.

DC B 805
Status: Failed – Adjourned
Establishes a pilot program within the Office of the Chief Technology Officer for veterans to acquire skills, knowledge, and experience necessary to enter the cybersecurity field.

Puerto Rico

PR H 246
Status: Adopted

PR HR 257
Status: Pending
Orders the House Committees on Finance and Public Security to investigate the information systems of the Department of the Treasury, its maintenance and the reasons for a cyber virus that caused on Monday, January 6 of 2017 the Department of the Treasury to raise about $20 million, determines if the information from taxpayers and the government hosted on the servers of the Department of the Treasury was affected as a result of this cyber virus.

PR HR 367
Status: Pending
Orders the House Committee on Public Safety to assess the feasibility of establishing a forensic laboratory in cyber crimes, similar to that of the Immigration and Customs Enforcement, which provides services exclusively to state agencies.

PR HR 475
Status: Pending
Orders the House Committee on Public Safety to research the practices and policies of cyber security and of the executive departments and agencies of the Government, with urgency in the Department of the Treasury, the State Department and Department of Public Safety.

PR SR 158
Status: Pending
Orders the Senate Committee on Finance of the Senate to study cyber attacks on the electronic systems of the Department of the Treasury and the Municipal Revenues Collection Center, studies the effect of this incident in the fulfilment of the functions of these agencies regarding any information, either from the Government or its taxpayers, that was affected, studies preventive measures to be established to avoid that this continues happening.

StateNet logoLexis Nexis Terms and Conditions

Additional Resources