Cybersecurity Legislation 2019

10/25/2019

State legislatures continue to advance policy proposals to address cyber threats directed at governments and private businesses. As threats continue to evolve and expand and as the pace of new technologies accelerates, legislatures are making cybersecurity measures a higher priority.

2019 Introductions: At least 43 states and Puerto Rico introduced or considered close to 300 bills or resolutions that deal significantly with cybersecurity. Thirty-one states enacted cybersecurity-related legislation in 2019 (the status of enacted bills is highlighted in bold). Some of the key areas of legislative activity include:

  • Requiring government agencies or businesses to implement training or specific types of security policies and practices
  • Creating task forces or commissions
  • Restructuring government for improved security
  • Studying the use of blockchain for cybersecurity
  • Providing for the security of utilities and critical infrastructure
  • Exempting cybersecurity operations information from public records laws
  • Addressing the security of connected devices
  • Regulating cybersecurity within the insurance industry
  • Providing funding for improved security measures (note: this page does not list all cybersecurity appropriations bills; rather, it focuses on those that include specific mandates or projects to be funded)
  • Addressing cybersecurity threats to elections (see NCSL's Elections database for other types of elections security-related legislation).

See additional resources for information on related topics such as security breach legislation, privacy and other issues. 

NOTE: Please check individual legislative websites for the most current status, summaries and versions of bill text.

 

2019 Cybersecurity Legislation

 

Alabama

AL H 101
Status: Failed - Adjourned
Relates to insurance; requires insurers and other entities licensed by the Department of Insurance to develop, implement, and maintain an information security program; provides for reporting to the Commissioner of Insurance, including the reporting of cybersecurity events; provides that information provided to the commissioner pursuant to this act would be confidential and privileged under certain conditions; provides for civil penalties under certain conditions.

AL S 54
Status: Enacted, Chap. 98
Relates to insurance; requires insurers and other entities licensed by the Department of Insurance to develop, implement, and maintain an information security program; provides for reporting to the Commissioner of Insurance, including the reporting of cybersecurity events; provides that information provided to the commissioner pursuant to this act would be confidential and privileged under certain conditions; provides for civil penalties under certain conditions.

AL S 109
Status: Failed
Relates to elections; provides that tampering with, hacking, or otherwise manipulating an electronic voting machine or misusing a voting machine is a Class B felony; makes certain enumerated actions relating to voter fraud, whereby a voter takes an unlawful action when voting by absentee ballot, a Class A misdemeanor.

Arkansas


AR H 1128
Status: Enacted, Act 149
Amends the law concerning the authority of the Governor to order the militia into service, authorizes the use of the militia to address cybersecurity threats and cybersecurity vulnerabilities.

AR H 1500
Status: Enacted, Act 599
Provides for the security of the plans of emergency service agencies, prevents, investigates, or responds to incidents of terrorism and mass destruction, provides for the security of investigative files and documents, amends the Homeland Security Information Act.

AR S 632
Status: Enacted, Act 1085
Enacts the Cyber Initiative Act, authorizes the Economic Development Commission to support a cyber alliance in order to reduce cyber risks and encourage economic development.
 

Arizona


AZ H 2177
Status: Enacted, Chap. 45
Revises provisions relating to the Regulatory Sandbox Program, revises certain definitions, relates to temporary testing of an innovation without otherwise being licensed, revises provisions relating to the application process and requirements, provides for financial products and services, requires the employment of cybersecurity measures to avoid breaches.

AZ H 2489
Status: Failed - Adjourned
Relates to election procedures oversight committee.

AZ S 1470
Status: Failed - Adjourned
Relates to automatic voter registration, relates to database, relates to agencies.
 

California

CA A 74
Status: Enacted, Chap. 23
Makes appropriations for the support of state government for the upcoming fiscal year, including appropriating funds to establish and operate the office of elections cybersecurity. Provides that activities performed by the office shall be designed so as to minimize overlap and in coordination with statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. 

CA A 190
Status: Pending
Makes appropriations for the support of state government for the 2019-20 fiscal year, including appropriating funds to establish and operate the office of elections cybersecurity. Provides that activities performed by the office shall be designed so as to minimize overlap and in coordination with statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. 

CA A 814
Status: Enacted, Chap. 16
Clarifies that, for purposes of the prohibition against unlawfully accessing a computer system, a computer system includes devices or systems that are located within, connected to, or integrated with, a motor vehicle.

CA A 1043
Status: Enacted, Chap. 46
Authorizes the expenditure of campaign funds to pay for, or reimburse the state for, the installation and monitoring of hardware, software, and services related to the cybersecurity of the electronic devices of a candidate, elected officer, or campaign worker. Requires a candidate or elected officer to report any expenditure of campaign funds for these purposes to the Fair Political Practices Commission in the candidate or officer's campaign statements.

CA A 1044
Status: Enacted, Chap. 106
Authorizes the Secretary of State to require an applicant to take a training course regarding data security as a condition for the receipt of voter registration information if that course is made available to the applicant at no cost to the applicant. Clarifies that required reports by elections officers may include information about the identity of, and contact information for, the elections official who is responsible for conducting elections in the jurisdiction.

CA A 1242
Status: Pending
Requires each state agency to submit a summary of actual and projected costs, information security costs, and to comply with the policies and procedures issued by the Office of Information Security. Defines state agency for these purposes to mean every state office, officer, department, division, bureau, board, and commission, except for the California State University.

CA A 1376
Status: Pending
Requires the Department of Veterans Affairs to collaborate with specified state agencies to establish a veterans' preference to be applied to employment opportunities within the field of cybersecurity that require a security clearance.

CA A 1469
Status: Pending
Requires the Bureau of Household Goods and Services, in consultation with stakeholders, to conduct a review of its accepted trade standards for good and workmanlike repair to determine whether additional regulations need to be adopted concerning privacy and security implications of connected devices.

CA A 1566
Status: Pending
Establishes the California Cyber Range Pilot Project, under the administration of the California Cybersecurity Institute, to test the overall feasibility of the pilot project through a yearlong, multiphased effort. Requires the pilot project to produce a scalable model for a permanent California Cyber Range Program.

CA S 73
Status: Pending
Makes appropriations for the support of state government for the upcoming fiscal year, including appropriating funds to establish and operate the office of elections cybersecurity. Provides that activities performed by the office shall be designed so as to minimize overlap and in coordination with statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. 

CA S 239
Status: Pending
Requires the prosecution for a felony violation of crimes relating to computer services and systems, as specified, to be commenced within three years after discovery of the commission of the offense, or within three years after the completion of the offense, whichever date is later.

CA SR 54
Status: Adopted
Proclaims the month of October 2019, and every October thereafter, to be National Cybersecurity Awareness Month in the state.

 

Connecticut


CT H 5417
Status: Failed - Adjourned
Establishes a task force to study the use of blockchain technology to manage elector information.

CT H 5989
Status: Failed
Offers protection to certain business data holders in the event of a data breach.

CT H 7321
Status: Failed - Adjourned
Requires the Secretary of the State to appoint an individual to serve in the office of the Secretary of the State in a cyber security role, limits, in certain situations, the type of information provided when voter registration records are provided, requires that each voting tabulator has a certain number of memory cards programmed for use with such tabulator, provides for security analysis of such memory cards by the University of State.

CT H 7424
Status: Enacted, Chap. 117
Concerns the state budget for the upcoming biennium, makes appropriations therefor, implements provisions of the budget. Enacts the "Insurance Data Security Law."

CT S 709
Status: Failed - Adjourned
Creates a division of cyber security within the Department of Emergency Services and Public Protection.

CT S 811
Status: Failed - Adjourned
Increases penalties for computer crimes against financial institutions and their customers.

CT S 903
Status: Failed - Adjourned
Revises the standards governing insurance data and information security, notices following cybersecurity events, and investigations of cybersecurity events.
 

Delaware


DE H 174
Status: Enacted, Chap. 176
Enacts the Insurance Data Security Act. Establishes standards for data security for Title 18 licensees and standards for the investigation of and notification to the Commissioner of a cybersecurity event affecting Title 18 licensees.

DE S 153
Status: Enacted, Chap. 185
Relates to information technology ("IT") recommendations of the Government Efficiency and Accountability Review ("GEAR") Board established by Governor Carney's Executive Order Four; modernizes Chapter 90C of Title 29 of the Delaware Code and authorizes the establishment of a shared IT services model for state agencies. Sets forth state information security requirements.

Florida


FL H 327
Status: Enacted, Chap. 2019-37
Relates to public meetings, exempts from public meetings requirements certain exempt information concerning information technology systems held by specified utilities, provides for future legislative review and repeal of the exemption, provides a statement of public necessity.

FL H 735
Status: Failed
Relates to blockchain technology, establishes the Blockchain Working Group in the Department of Management Services, provides for membership and duties of the Working Group, requires the Working Group to submit a report to the Governor and the Legislature and make presentations, requires the Department to provide support staff and other assistance.

FL H 1393
Status: Enacted, Chap. 140
Establishes a Florida Blockchain Task Force to study the ways in which state, county, and municipal governments can benefit from a transition to a blockchain-based system for recordkeeping, security, and service delivery. Provides that the Task Force will develop and submit recommendations concerning the potential for blockchain-based systems to promote government efficiencies, better services for citizens, economic development, and safer cyber-secure interaction between government and the public.

FL H 2249
Status: Failed
Relates to the appropriations project titled Volusia County Schools Cyber Security Program, provides an appropriation.

FL H 2383
Status: Failed
Relates to the Appropriations Project titled Saint Petersburg College - Public Safety and Cybersecurity, provides an appropriation.

FL H 3147
Status: Failed
Relates to the Appropriations Project titled University of West State Cybersecurity Support, provides an appropriation.

FL H 5001
Status: Enacted, Chap. 115
Makes appropriations, including funds to county supervisors of elections for cybersecurity initiatives. 

FL H 5301
Status: Enacted, Chap. 32
Relates to information technology reorganization. Requires that a state chief information security officer, who must have experience and expertise in security and risk management for communications and information technology resources, be designated. Creates the Florida Cybersecurity Task Force.

FL H 7047
Status: Enacted, 2019-32
Relates to a review under the Open Government Sunset Review Act, provides a public records exemption for information received by the Department of Legal Affairs pursuant to a notification of a security breach or during the course of an investigation of such breach, removes the scheduled repeal of the exemption.

FL PCB 6047
Status: Failed - Adjourned
Relates to a review under the Open Government Sunset Review Act; amending s. 501.171, F.S., which provides a public records exemption for information received by the Department of Legal Affairs pursuant to a notification of a security breach or during the course of an investigation of such breach; removing the scheduled repeal of the exemption.

FL PCB 6089
Status: Failed - Adjourned
Relates to information technology reorganization, transfers all powers, duties, functions, records, offices, personnel, associated administrative support positions, property, pending issues and existing contracts, administrative authority, certain administrative rules, trust funds and unexpended balances of appropriations, allocations, and other funds of the Agency for State Technology to the Department of Management Services by a type two transfer.

FL S 450
Status: Failed
Relates to public meetings, provides an exemption from public meeting requirements for portions of a meeting at which certain exempt records related to the security of the technology, processes, or practices of certain utilities and the security of existing or proposed information technology systems or industrial control systems of certain utilities are discussed or may otherwise be revealed, provides for future legislative review and repeal of the exemption.

FL S 1024
Status: Enacted, Chap. 52
Establishes the State Blockchain Task Force to explore and develop a master plan for fostering the expansion of the blockchain industry in the state, to recommend policies and state investments to help make this state a leader in blockchain technology, and to issue a report, requires the study to include if and how state, county, and municipal governments can benefit from a transition to a blockchain based system for recordkeeping, data security, financial transactions, and service delivery.

FL S 1570
Status: Failed
Relates to information technology reorganization.

FL S 2500
Status: Enacted, Chap. 115
Makes appropriations, including funds to county supervisors of elections for cybersecurity initiatives. 

FL S 7008
Status: Failed
Relates to a review under the Open Government Sunset Review Act, which provides a public records exemption for information received by the Department of Legal Affairs pursuant to a notification of a security breach or during the course of an investigation of such breach, removes the scheduled repeal of the exemption.

FL SPB 7008
Status: Failed - Adjourned
Provides a public records exemption for information received by the Department of Legal Affairs pursuant to a notification of a security breach or during the course of an investigation of such breach.

Georgia

GA H 30
Status: Enacted, Chap. 3
Appropriates funds to the Georgia Cyber Innovation and Training Center to enhance cybersecurity technology for private and public industries through unique education, training, research, and practical applications.

GA H 31
Status: Enacted, Chap. 3
Appropriates funds for cybersecurity training and cybersecurity initiatives in schools.

GA H 641
Status: Pending - Carryover
Relates to general provisions regarding the Georgia Bureau of Investigation, so as to grant the Georgia Bureau of Investigation powers and duties to identify and investigate violations of Article 6 of Chapter 9 of Title 16 of the Official Code of Georgia Annotated, the Georgia Computer Systems Protection Act, and other computer crimes, provides for subpoena power by the bureau for such investigations, provides for related matters, repeals conflicting laws.

GA S 21
Status: Pending - Carryover
Relates to competencies and core curriculum, requires each local board of education to prescribe mandatory instruction concerning cybersecurity in every year in every grade from kindergarten through grade 12, provides for a definition, requires the State Board of Education to prescribe a minimum course of study in cybersecurity, provides for duties of the State School Superintendent.

GA SR 228
Status: Adopted
Recognizes 2019 as Cybersecurity Career Awareness Year in Georgia.

GA E.O. 182
Reconstitutes the Government Systems Cybersecurity Review Board. All Executive Branch agencies shall ensure that employees complete at least one form of cybersecurity training within ninety (90) days of this Executive Order. An employee's failure to comply with this Order shall result in formal disciplinary action, up to and including termination.

 

Hawaii

HI H 1553
Status: Pending - Carryover
Establishes the Hawaii State Fusion Center to, among other things, integrate information technology, cybersecurity, and cybercrime prevention, and cyber and analytic capabilities, and improve situational awareness related to critical infrastructure or key resources protection of lifelines.

Iowa


IA D 1175
Status: Pending - Carryover
Relates to Secretary of State, elections technical bill.

IA H 39
Status: Pending - Carryover
Relates to student data collection by the Department of Education, school districts, and accredited nonpublic schools.

IA H 692
Status: Enacted
Relates to the conduct of state and local elections, providing penalties, and including effective date elections provisions, provides for penalties for using voter registration information, including resale or redistribution of the voter registration list without written permission of the state registrar, for purposes other than those permitted.

IA HSB 49
Status: Pending - Carryover
Relates to the administration of elections, provides penalties, includes effective date provisions.

IA S 204
Status: Pending - Carryover
Provides for an affirmative defense to certain claims relating to personal information security breach protection.

IA S 575
Status: Pending - Carryover
Relates to the conduct of state and local elections, provides penalties, includes effective date provisions.

IA SSB 1078
Status: Pending - Carryover
Relates to the administration of elections.

IA SSB 1241
Status: Pending - Carryover
Relates to the conduct of state and local elections, provides penalties.
 

Illinois


IL H 2829
Status: Pending
Creates the Financial Institution Cybersecurity Act, provides that persons and entities operating under the authority of the Secretary of Financial and Professional Regulation under the Banking Act, the Insurance Code, the Savings Bank Act, the Credit Union Act, the Corporate Fiduciary Act, and the Residential Mortgage License Act must maintain a cybersecurity program to protect the confidentiality of their information system.

IL H 3017
Status: Pending
Creates the Veterans Cyber Academy Pilot Program Act, provides that the Department of Veterans' Affairs shall establish and implement a pilot program to provide veterans residing in the state with access to cyber security training, certification, apprenticeships, and additional resources to enter the cyber security field of work, provides that the pilot program shall run from January 1, 2021 to December 31, 2023, provides specified requirements to the department in implementing the pilot program.

IL H 3391
Status: Pending
Creates the Security of Connected Devices Act, requires manufacturers of connected devices to equip the device with security features that are designed to protect the device and any information the device contains from unauthorized access, destruction, use, modification, or disclosure.

IL HJR 1
Status: Pending
Extends the sunset date of the operation of the Cybersecurity Task Force, reconstitutes the focus and membership of the Task Force.

IL HJR 2
Status: Pending
Creates the Return Illinois To Prosperity Commission to review and evaluate the creation of a State Bank, provides that the mission of a State Bank would include supporting economic development by increasing access to capital for agriculture, businesses, and industry and providing stability to the local financial sector.

IL S 240
Status: Pending
Creates the Consumer Credit Reporting Agency Registration and Cybersecurity Program Act, provides for requirements for consumer credit reporting agency registration, contains provisions regarding grounds for revocation and suspension of a registration, provides that by a certain date, a consumer credit reporting agency must have a cybersecurity program documented in writing and designed to protect the confidentiality, integrity and availability of its information systems.

IL S 1622
Status: Pending
Amends the Election Code, provides that no voting machine used or purchased by an election authority may be made, manufactured, or assembled outside the United States or constructed with parts made, manufactured, or assembled outside the United States, including, but not limited to, any hardware or software, provides that, in provisions concerning voting machines, precinct tabulation optical scan technology voting systems, and direct recording electronic voting systems,.

IL S 1719
Status: Pending
Creates the Keep Internet Devices Safe Act, provides that a digital device is an internet connected device that contains a microphone, provides that no private entity may turn on or enable a digital device's microphone unless the registered owner or person configuring the device is provided certain notices in a consumer agreement, provides that a manufacturer of a digital device that does not cause to be turned on or otherwise use a digital device's microphone is not subject to the restrictions on its use.

IL S 1863
Status: Pending
Amends the Freedom of Information Act, exempts from disclosure risk and vulnerability assessments, security measures, schedules, certifications, and response policies or plans that are designed to detect, defend against, prevent, or respond to potential cyber attacks upon the State's or an election authority's network systems, or records that the disclosure of which would, in any way, constitute a risk to the proper administration of elections or voter registration.
 

Indiana

IN S 4
Status: Enacted, Public Law 15
Provides that a permit for the discharge from a wastewater treatment plant may not be issued unless the application contains a cybersecurity plan. Excludes the cybersecurity plan from public access.

IN S 558
Status: Enacted, Public Law 157
Relates to election security, requires the Secretary of State to refer suspected criminal violations of election law for investigation by the appropriate prosecuting attorney, establishes an administrative enforcement mechanism for enforcement of election laws other than campaign finance laws, requires the statewide voter registration file to employ two factor authentication to restrict access.

IN S 560
Status: Enacted, Public Law 278
Relates to various election law matters, removes provisions relating to candidates for President of the United States filing ballot placement requests with the secretary of state, provides that the election division annual training conference for county election officials must include information on cybersecurity and physical security practices for the statewide voter registration system, voting systems, and polling places.

IN S 570
Status: Enacted, Public Law 71
Relates to election cyber security, includes a definition of VSTOP voting system technical oversight program in the election code, requires the secretary of state to establish proficiency standards for individuals who are authorized to access the statewide voter registration file, requires such individuals to meet the proficiency standards in order to access the file, requires the county election board to deliver voting systems and electronic poll books to precincts and vote centers.

 

Kansas


KS H 2209
Status: Enacted, Chap. 54
Concerns insurance, relates to life insurance unfair or deceptive acts or practices, third party administrator license and renewal application fees, purchase of cybersecurity insurance, association health plans, and healthcare benefit coverage, establishes the Unclaimed Life Insurance Benefits Act.
 

Kentucky


KY HR 171
Status: Adopted
Urges the Kentucky Cabinet for Economic Development to work with state and federal officials and study the issue of blockchain technology.

KY S 14
Status: Failed - Adjourned
Provides definitions relating to personal information, provides certain personal information that shall be protected from disclosure by a public agency or third party contractor through redaction or other means, provides a list of covered persons, provides guidelines for contracts between a public agency and a third party contractor.

KY S 195
Status: Failed - Adjourned
Requires a manufacturer of a connected device offered for sale in Kentucky to equip the device with reasonable security features appropriate to the nature and function of the device and to the information it may collect, contain, or transmit, and designed to protect the device from unauthorized access, destruction, use, modification, or disclosure, defines authentication, connected device, manufacturer, and unauthorized access, destruction, use, modification, or disclosure.
 

Louisiana


LA H 74
Status: Enacted, Chap. 292
Creates the crime of trespass against state computers, provides for elements of the crime, provides for criminal penalties.

LA H 325
Status: Failed - Adjourned
Prohibits the registrar of voters, clerk of court, and Department of State from disclosing specified computer system information.

LA H 442
Status: Failed - Adjourned
Establishes the State Cyber security and Information Technology Infrastructure Fund, dedicates revenues into the fund.

LA H 448
Status: Failed - Adjourned
Establishes the State Cyber security and Information Technology Infrastructure Fund, dedicates revenues into the fund.

LA H 511
Status: Failed - Adjourned
Creates the Louisiana Cybersecurity Talent Initiative Fund for the purpose of funding degree and certificate programs in cybersecurity fields and the Cybersecurity Education Management Council to advise relative to the fund.

LA HCR 67
Status: Adopted
Requests Louisiana Economic Development to study cybersecurity issues faced by businesses in compliance with the Cybersecurity Framework Standards promulgated by the National Institute of Standards and Technology.

LA S 46
Status: Enacted, Chap. 292
Authorizes entities to monitor, share, and receive certain information relative to cyber threats, authorizes certain defensive measures, relates to certain security and information controls, provides for confidentiality of certain information.

LA SCR 123
Status: Adopted
Creates a task force to develop and plan a tabletop exercise that tests and strengthens the infrastructure required to combat cyber threats.
 

Massachusetts


MA H 223
Status: Pending
Relates to the security of personal financial information.

MA H 287
Status: Pending
Protects the privacy and security of biometric information.

MA H 2690
Status: Pending
Establishes a task force to study the need for increased cyber security within government agencies.

MA H 2692
Status: Pending
Relates to cybersecurity standards in state contracts or procurements.

MA H 2728
Status: Pending
Provides that state agencies procuring information technology goods or services give preference to vendors that carry cybersecurity insurance.

MA HD 3239
Status: Pending
Updates chapter 93H data security protections to include biometric information.

MA S 315
Status: Pending
Relates to cyber security education in schools.

MA S 1822
Status: Pending
Relates to cybersecurity insurance preference in state contracts.

MA S 1887
Status: Pending
Establishes a Cybersecurity Control and Review Commission.

MA S 2056
Status: Pending
Relates to the cybersecurity of the internet connected devices and autonomous vehicles.
 

Maryland


MD H 211
Status: Failed - Adjourned
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility, prohibits a person from knowingly possessing certain ransomware with the intent to use that ransomware for a certain purpose, alters and establishes certain penalties, authorizes a victim of a certain offense to bring a civil action for damages against a certain person, provides for the recovery of attorney's fees and court costs in an action brought under the Act.

MD H 397
Status: Enacted, Chap. 301
Requires the Emergency Number Systems Board to establish certain minimum standards, alters the purposes of the 9-1-1 Trust Fund beginning on a certain date, authorizes the use of money collected from a certain 9-1-1 fee to pay certain costs, alters the amount of and method for calculating the 9-1-1 fee and a certain additional charge.

MD H 711
Status: Failed
Requires an online platform to make reasonable efforts to detect anonymous foreign political communications disseminated through the online platform and prevent the dissemination of anonymous foreign political communications through the online platform, requires an online platform to report certain information to the State Board of Elections within 48 hours after the online platform becomes aware that an anonymous foreign political communication has been disseminated through the online platform.

MD H 716
Status: Failed - Adjourned
Requires certain units of State government to comply with certain standards and guidelines to ensure that the security of all information systems and applications is managed through a certain framework, requires certain units of State government to undertake activities comprising collection, processing, and sharing of personally identifiable information in good faith and in accordance with a certain provision of the Act.

MD H 1315
Status: Enacted, Chap. 455
Alters the locations of the Cyber Warrior Diversity Program in the state, specifies the amounts and uses of grants provided under the Program, alters the date by which governing entities must notify the State Higher Education Commission regarding enrollment.

MD S 151
Status: Failed - Adjourned
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility, prohibits a person from knowingly possessing certain ransomware with the intent to use that ransomware for a certain purpose, alters and establishes certain penalties, authorizes a victim of a certain offense to bring a civil action for damages against a certain person, provides for the recovery of attorney's fees and court costs in an action brought under the Act.

MD S 339
Status: Enacted, Chap. 302
Requires a certain custodian of records to deny inspection of the part of a 9-1-1 communications record that depicts certain information, subject to a certain exception, requires the Emergency Number Systems Board to establish certain minimum standards, alters the purposes of the 9-1-1 Trust Fund beginning on a certain date, authorizes the use of money collected from a certain 9-1-1 fee to pay certain costs, alters the amount of and method for calculating the 9-1-1 fee and a certain additional charge.

MD S 384
Status: Failed - Adjourned
Requires the State Board of Elections to adopt regulations that describe best practices for storage and security of voter registration information by certain persons, requires a person who has received a list of registered voters to disclose a breach in the secure storage of the voter registration information to the State Administrator of Elections as soon as possible after becoming aware of the breach.

MD S 432
Status: Enacted, Chap. 454
Alters the locations of the Cyber Warrior Diversity Program in the State, specifies the amounts and uses of certain grants provided under the Program, alters the date by which certain governing entities must notify the state Higher Education Commission regarding certain enrollment, requires the Commission to allocate certain funds to certain entities on a certain basis.

MD S 581
Status: Enacted, Chap. 211
Extends certain benefits under the More Jobs for Marylanders Program to businesses that locate or expand in opportunity zones in the state, alters the calculation the Governor shall use in determining the amount to include in the budget Reserve Fund, alters the information required to be contained in a certain report on the Tax Credit, provides for the heritage structure rehabilitation tax credit, provides for workforce housing projects.

MD S 726
Status: Failed - Adjourned
Alters a certain definition under the State income tax credit for the purchase of cybersecurity technology or services to repeal a prohibition on a qualified buyer having 50 or more employees, applies the Act to all tax credit certificates issued after June 30, 2019.

Michigan

MI H 4348
Status: Pending
Provides executive recommendations for omnibus bill, including funding for improvement of the state's cybersecurity framework.

MI S 205
Status: Pending
Provides executive recommendations for omnibus bill, including funding for cybersecurity.

Minnesota


MN H 14
Status: Pending - Carryover
Relates to elections, transfers and appropriates money for purposes of the Help America Vote Act, improves the administration and security of elections as authorized by federal law, including but not limited to modernizing, securing, and updating the statewide voter registration system and for cybersecurity upgrades as authorized by federal law, improving accessibility, preparing training materials, and training local election officials.

MN H 17
Status: Pending - Carryover
Appropriates money from the Help America Vote Act account for certain authorized purposes, provides for the purposes of modernizing, securing, and updating the statewide voter registration system and for cybersecurity upgrades as authorized by federal law.

MN H 102
Status: Pending - Carryover
Relates to public safety, expands the crime of unauthorized computer access to include accessing a computer without penetrating a security system.

MN H 1833
Status: Pending - Carryover
Modifies and establishes various provisions governing energy policy and finance, strengthens requirements for clean energy and energy conservation in the state, appropriates money, requires reports.

MN H 1949
Status: Pending - Carryover
Relates to state government, requires consideration of cloud computing service options in state agency information technology projects, requires technology infrastructure inventories and security risk assessments, requires completion of the consolidation of information technology services and a strategic workplan, requires a consolidation surcharge for certain agencies, mandates reports, defines terms.

MN H 2087
Status: Pending - Carryover
Relates to the operation of state government, appropriates money for the legislature, the governor's office, state auditor, attorney general, secretary of state, certain agencies, boards, and councils, changes provisions for administrative law judge salaries, revolving loan fund, cemeteries, and MERF.

MN H 2524
Status: Pending - Carryover
Relates to the secretary of state, creates a technology and cybersecurity account, provides for technology and cybersecurity maintenance.

MN H 2681
Status: Pending - Carryover
Relates to utilities, provides access rights to energy usage data maintained by utilities.

MN H 2721
Status: Pending - Carryover
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments.

MN H 2743
Status: Pending - Carryover
Relates to courts, increases certain court related fees, establishes a cyber security fee.

MN S 241
Status: Failed
Relates to state government, requires the use of reports produced by the statewide voter registration system, appropriates money from the Help America Vote Act account for certain authorized purposes, including cybersecurity upgrades.

MN S 1264
Status: Pending - Carryover
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments.

MN S 2097
Status: Pending - Carryover
Relates to state government, requires consideration of cloud computing service options in state agency information technology projects, requires technology infrastructure inventories and security risk assessments, requires completion of the consolidation of information technology services and a strategic workplan, requires a consolidation surcharge for certain agencies, mandates reports.

MN S 2726
Status: Pending - Carryover
Relates to the operation of state government, appropriates money for the Legislature, the Governor's office, State Auditor, Attorney General, Secretary of State, certain agencies, boards, and councils, changes provisions for administrative law judge salaries, revolving loan fund, cemeteries, and MERF.

MN H 3 a
Status: Failed - Adjourned
Relates to public safety, modifies certain provisions relating to public safety, courts, corrections, sexual offenders, predatory offenders, vehicle operations, and firefighters, provides for a task force and working group, requires reports, provides for criminal penalties, appropriates money for courts, public safety, sentencing guidelines, corrections, human rights, Peace Officer Standards and Training Board, Private Detective Board, Guardian ad Litem Board, and Uniform Laws Commission.

MN H 8 a
Status: Failed - Adjourned
Relates to the operation of state government, appropriates money for the legislature, the governor's office, state auditor, attorney general, secretary of state, and certain agencies, boards, councils, and retirement funds, changes provisions in state government operations, makes state payment terminology changes, adds provisions for presidential nomination primary, changes provisions for information technology, military and veterans affairs policy, gambling control board, and racing commission.

MN S 10a
Status: Enacted, Chap. 10
Appropriates money for government, including funds for enhancements to cybersecurity across state government and for elections cybersecurity upgrades.

Missouri


MO H 917
Status: Failed - Adjourned
Modifies provisions relating to elections.
 

Mississippi


MS H 613
Status: Failed
Exempts certain information technology records from the Mississippi Public Records Act, conforms to the provisions of this Act.

MS H 911
Status: Failed
Establishes the insurance data security law, provides the purpose and intent of the act, defines certain terms used in the act, requires insurance licensees in this state to develop, implement and maintain an information security program, requires certain investigation of a cyber security event, requires certain notification of a cyber security event, provides for certain confidentiality, provides exceptions to the act, provides for penalties for violations of the act.

MS S 2046
Status: Enacted
Exempts from the Public Records Act certain information technology related information that, if disclosed, could allow unauthorized access to the State's IT assets.

MS S 2768
Status: Failed
Authorizes and directs the Mississippi Department of Education to implement a mandatory K-12 computer science curriculum based on the Mississippi College and Career Readiness Standards for computer science which includes instruction in, but not limited to, computational thinking, cyber related, programming, cyber security, data science, robotics, and other computer science and cyber related content.

MS S 2831
Status: Enacted
Establishes the Insurance Data Security Law, provides the purpose and intent of the Act, defines certain terms used in the Act, requires insurance licensees in this state to develop, implement and maintain an information security program, requires certain investigation of a cybersecurity event, requires certain notification of a cybersecurity event, provides for certain confidentiality, provides exceptions to the Act, provides for penalties for violations of the Act.
 

Montana


MT D 1858
Status: Failed
Revises cybersecurity laws, relates to information technology.

MT H.B. 2
Status: Enacted, Chap. 483
Appropriates money to various state agencies for the upcoming biennium, including funding for next generation antivirus software; cybersecurity staff; cybersecurity student programs; web application firewall; e-mail security gateway; security information and event management; analytics-driven security and continuous monitoring for threats; governance, risk, and compliance software; enterprise risk assessment; digital forensics lab; source code repository; security orchestration, automation and response; and outsourced professional services. Also provides that the State Information Technology Services Division shall report to the legislative finance committee quarterly on the Montana Cybersecurity Enhancement Project.


MT H 305
Status: Enacted, Chap. 184
Revises the definition of state duty for special work by Montana National Guard personnel, provides state duty for special work is limited to existing provisions in preparation for declarations of emergencies and disasters and cyber security operations.

 

North Carolina


NC H 217
Status: Enacted, Chap. 200
Makes miscellaneous and technical changes to the statutes relating to the Department of Information Technology, amends various statutes relating to state agency cybersecurity, amends various statutes relating to the Emergency Telephone Service and the 911 Board.

NC H 904
Status: Pending
Amends the identity theft protection act.

NC H 911
Status: Pending
Directs the Department of Information Technology to study and assess the threat of foreign technologies in state owned computer systems.

NC S 542
Status: Pending
Pertains to the cyber security regional training center.

NC S 666
Status: Pending
Appropriates funds for improved cyber security education and robotics education in school districts.
 

North Dakota


ND H 1048
Status: Enacted, Chap. 469
Relates to the use of distributed ledger technologies, requires the Department of Information Technologies to research and develop the use of distributed ledger enabled platform technologies, such as blockchains, for computer controlled programs, data transfer and storage, and program regulation to protect against falsification, improve internal data security, and identify external hacking threats.

ND HCR 3004
Status: Adopted
Provides for a study of the potential benefits of blockchain technology in state government administration and affairs, including the cost-effectiveness and increased security of utilizing a blockchain technology electronic voting system.


ND S 2015
Status: Enacted, Chap. 40
Provides an appropriation for defraying the expenses of the various divisions under the supervision of the director of the office of management and budget.

ND S 2110
Status: Enacted, Chap. 468
Expands the powers and duties of the Information Technology Department to oversee cybersecurity strategy for all executive branch state agencies, including institutions under the control of the State Board of Higher Education, counties, cities, school districts, or other political subdivisions.

ND S 2209
Status: Enacted, Chap. 375
Relates to protection for records related to critical infrastructure and security planning, mitigation, or threats.

ND S 2340
Status: Enacted, Chap. 370
Revises provisions relating to the protection and confidentiality of records regarding emergency planning and response.

 

Nebraska


NE L 351
Status: Pending
Provides for school district levy and bonding authority for cybersecurity and violence prevention.

Nevada

S.B. 21
Status: Failed
Relates to cybersecurity; enacts the Insurance Data Security Law; requires certain licensees with licenses or other authorizations related to the provision and administration of insurance to develop, implement and maintain an information security program that meets certain requirements; establishes requirements for the selection and oversight of third-party service providers by such licensees.

S.B. 123
Status: Enacted, Chap. 546
Enacts provisions governing the security and integrity of elections, including requiring an annual training class on cybersecurity for those who administer elections. Provides that any records of the Secretary of State or county or city clerk relating to the security of an election information system, including records relating to the prevention of a threat or attack on the security of an election information system, are confidential and not public records and may be disclosed only under certain limited circumstances.

 

New Hampshire


NH H 25
Status: Enacted, Chap. 146
Makes appropriations for capital improvements for the biennium and extends certain lapse dates for previous appropriations.

NH H 329
Status: Enacted, Chap. 54
Permits a school board to review and adopt a data security plan at a non-public meeting.

NH LSR 570
Status: Pending
Relates to review and adoption of school data security plans.

NH LSR 781
Status: Failed
Establishes the insurance data security law.

NH LSR 923
Status: Pending
Relates to the insurance data security law.

NH S 194
Status: Enacted, Chap. 309
Establishes the Insurance Data Security Law, updates and establishes standards for protection of consumers' nonpublic information, requirements for investigation of a breach and notification to the Commissioner and consumers in the event of cyber security breaches relating to consumers' nonpublic information.
 

New Jersey


NJ A 730
Status: Pending
Clarifies crime of unlawful access concerning certain password protected communications in electronic storage.

NJ A 1766
Status: Pending
Requires certain persons and business entities to maintain comprehensive information security program.

NJ A 2355
Status: Pending
Concerns debarment of contractors for conviction of certain computer related crimes.

NJ A 3542
Status: Pending
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.

NJ A 3546
Status: Pending
Directs Rutgers Discovery Informatics Institute, the Office of Information Technology, and Big Data Alliance to develop an advanced cyber infrastructure strategic plan, appropriates funds.

NJ A 3613
Status: Pending
Revises provisions relating to the State Blockchain Initiative Task Force, requires the Task Force to study whether state, county, and municipal governments can benefit from a transition to a blockchain-based system for recordkeeping and service delivery.

NJ A 3659
Status: Pending
Requires Economic Development Authority to establish program offering low-interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure.

NJ A 3922
Status: Pending
Requires state employees to review best cybersecurity practices.

NJ A 3983
Status: Pending
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.

NJ A 4247
Status: Pending
Concerns information security standards and guidelines for State and local government.

NJ A 4854
Status: Pending
Directs New Jersey Cybersecurity and Communications Integration Cell to develop cybersecurity prevention and awareness materials for businesses and to establish electronic mail fraud Internet website.

NJ A 4976
Status: Pending
Directs New Jersey Cybersecurity and Communications Integration Cell to develop cyber security prevention best practices and awareness materials for consumers in this state.

NJ A 5035
Status: Pending
Requires state election officials to coordinate with relevant federal officials regarding election security.

NJ A 5467
Status: Pending
Creates affirmative defense for certain breaches of security.

NJ AJR 54
Status: Pending
Designates October of each year as Cyber Security Awareness Month.

NJ AJR 86
Status: Pending
Urges Secretary of State to assure Legislature and public that State's electoral system is protected from foreign computer hackers.

NJ AR 194
Status: Pending
Urges Congress to appropriate additional federal funds to upgrade voting equipment and systems to address vulnerabilities to cyber attacks.

NJ S 998
Status: Pending
Requires Economic Development Authority (EDA) to establish program offering low-interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure.

NJ S 1249
Status: Pending
Clarifies crime of unlawful access concerning certain password protected communications in electronic storage.

NJ S 2297
Status: Enacted, Chap. 213
Revises provisions relating to the State Blockchain Initiative Task Force, relates to a study as to whether state, county, and municipal governments can benefit from a transition to a blockchain system for recordkeeping and service delivery, modifies membership of the Task Force.

NJ S 2692
Status: Pending
Requires certain persons and business entities to maintain a comprehensive information security program.

NJ S 3153
Status: Pending
Requires certain businesses to notify data subjects of collection of personally identifiable information and establishes certain security standards.

NJ S 3344
Status: Pending
Requires state election officials to coordinate with relevant federal officials regarding election security.

NJ S 3436
Status: Pending
Directs State Cybersecurity and Communications Integration Cell to develop cybersecurity prevention and awareness materials for businesses and to establish electronic mail fraud internet website.

NJ S 3488
Status: Pending
Directs State Cybersecurity and Communications Integration Cell to develop cybersecurity best practices and awareness materials for consumers in this State.

NJ S 3673
Status: Pending
Directs State Cybersecurity and Communications Integration Cell, Office of Information Technology, and State Big Data Alliance to develop an advanced cyberinfrastructure strategic plan.

NJ S 3738
Status: Pending
Requires State employees to receive best cybersecurity practices.

NJ S 3836
Status: Pending
Creates affirmative defense for certain breaches of security.

NJ SJR 22
Status: Pending
Urges Secretary of State to assure Legislature and public that State's electoral system is protected from foreign computer hackers.

NJ SR 113
Status: Pending
Urges Congress to appropriate additional federal funds for election security and voting equipment purposes.

NJ SJR 134
Status: Pending
Designates October of each year as Cyber Security Awareness Month.

 

New Mexico


NM H 7
Status: Enacted, Chap. 60
Relates to higher education, creates centers of excellence at higher education institutions to promote development in the cybersecurity, sustainable agriculture, and renewable energy industries, and bioscience.
 

Nevada


NV A 33
Status: Failed
Revises provisions relating to the governance and oversight of information services for state agencies.

NV S 21
Status: Failed
Relates to cybersecurity, enacts the Insurance Data Security Law, requires certain licensees with licenses or other authorizations related to the provision and administration of insurance to develop, implement and maintain an information security program that meets certain requirements, establishes requirements for the selection and oversight of third-party service providers by such licensees.

NV S 69
Status: Enacted, Chap. 392
Revises provisions relating to emergencies and cybersecurity.

NV S 123
Status: Enacted, Chap. 546
Revises provisions relating to elections.

NV S 237
Status: Failed
Revises provisions relating to the security of elections.

NV S 302
Status: Enacted, Chap. 412
Revises provisions relating to personal information collected by governmental agencies.
 

New York


NY A 291
Status: Pending
Directs the commissioner of the division of homeland security and emergency services to work with other experts who maintain experience and knowledge in the area of cyber security to develop a cyber security action plan for New York state.

NY A 465
Status: Pending
Enacts the Personal Information Protection Act, establishes a personal information bill of rights requiring parties having custody of residents' personal identifying information to ensure the security thereof, provides for the approval of programs to secure personal identifying information by the office of information security, requires the notification of the division of state police and the subjects of information upon the breach of such information, directs the office of technology services to/.

NY A 914
Status: Pending
Amends the Penal Law, relates to creating the crime of cyberterrorism and calculating damages caused by computer tampering, provides that cyberterrorism shall be a class B felony.

NY A 1185
Status: Pending
Amends the Insurance Law, authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self certified and approved by the superintendent.

NY A 1351
Status: Pending
Directs the state board of elections to study and evaluate the use of blockchain technology to protect voter records and election results.

NY A 1729
Status: Pending
Establishes a commission to study the European Union's general protection data regulation and the current state of cyber security in the state.

NY A 2124
Status: Pending
Creates specific computer crimes as well as increasing penalties for crimes committed with the aid of a computer, provides for civil relief in cases of pornography on the internet, and penal sanctions in such cases.

NY A 2229
Status: Pending
Requires manufacturers of connected devices to equip such devices with reasonable security features.

NY A 4884
Status: Pending
Relates to creating the Modernized Voter Registration Act of New York, modernizes voter registration, promotes access to voting for individuals with disabilities, protects the ability of individuals to exercise the right to vote in elections for local and state office, makes an appropriation therefor.

NY A 6514
Status: Pending
Establishes the offenses of phishing in the third degree, phishing in the second degree and phishing in the first degree, relates to the time in which prosecution of such offenses must be commenced.

NY A 7682
Status: Pending
Relates to critical utility infrastructure security and responsibility, relates to the protection of critical infrastructure in the state, provides that an electric or gas corporation or municipality shall not share, disclose or otherwise provide access to a customer's electrical or gas consumption data.

NY A 7913
Status: Pending
Removes the economic harm requirement from the felony commercial bribery statutes, expands the crime of larceny to include theft of personal identifying information, computer data, computer programs, and services, to adapt to modern technological realities, provides state jurisdiction and county venue over cases involving larceny of personal identifying information, computer data, and computer programs, where the victim is located in the state or the county.

NY S 229
Status: Pending
Amends the Penal Law, relates to computer tampering.

NY S 394
Status: Pending
Amends the Penal Law, elevates all computer tampering offenses by one degree in severity.

NY S 2475
Status: Pending
Relates to computer related crimes.

NY S 3172
Status: Pending
Establishes the offenses of phishing in the third degree, phishing in the second degree and phishing in the first degree, relates to the time in which prosecution of such offenses must be commenced.

NY S 3625
Status: Pending
Amends the Insurance Law, promotes competitive property and casualty insurance markets for business to business insurance transactions.

NY S 3973
Status: Pending
Requires manufacturers of connected devices to equip such devices with reasonable security features.

NY S 4012
Status: Pending
Relates to the use of voice recognition features on certain products.

NY S 4273
Status: Pending
Amends the Penal Law, relates to creating the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony.

NY S 4444
Status: Pending
Establishes the computer security act, addressing the widespread problem of spyware, makes it illegal for third parties to knowingly and deceptively cause computer software to be copied onto personal computers that changes the computer user's settings without permission, prevents users from resetting computers to the original preferences or removing third party software, secretly collects information about internet searches, disables the computer's security software or causes related disruptive activities.

NY S 4744
Status: Pending
Establishes a commission to study the European Union's general protection data regulation and the current state of cyber security in the state.

NY S 5222
Status: Pending
Removes the specified amount economic harm requirement from the felony commercial bribery statutes, expands the crime of larceny to include theft of personal identifying information, computer data, computer programs, and services, to adapt to modern technological realities, provides state jurisdiction and county venue over cases involving larceny of personal identifying information, computer data, and computer programs, where the victim is located in the state or the county.

NY S 5575B
Status: Enacted
Requires businesses to have in place reasonable data security for private information, with a more flexible standard for small businesses, without creating new requirements for entities subject to existing or future regulations by any federal or other New York State government entity. Deems failure to provide required reasonable data security to be a violation of section 349 of the General Business Law, permitting the attorney general to bring suit but not any private plaintiff.

NY S 6036
Status: Pending
Directs the state board of elections to study and evaluate the use of blockchain technology to protect voter records and election results.

NY S 6195
Status: Pending
Relates to critical utility infrastructure security and responsibility, relates to the protection of critical infrastructure in the state, provides that an electric or gas corporation or municipality shall not share, disclose or otherwise provide access to a customer's electrical or gas consumption data.

 

Ohio


OH S 52
Status: Enacted
Creates the Civilian Cyber Security Reserve Forces, requires the Secretary of State as a member of the Homeland Security Advisory Council, requires the Secretary to appoint a Chief Information Security Officer, requires the Boards of Elections to audit election results, makes an appropriation.

OH H 166
Status: Enacted, Chap. 10
Provides funding for cybersecurity initiatives, including for the establishment of a cyber range. The cyber range shall: (1) provide cyber training and education to K-12 students, higher education students, Ohio National Guardsmen, federal employees, and state and local government employees, and (2) provide for emergency preparedness exercises and training. 

 

Oklahoma


OK H 2146
Status: Pending - Carryover
Creates a credit against income tax for qualified software or cybersecurity employees.

OK H 2759
Status: Enacted, Chap. 483
Relates to revenue and taxation, provides for certain qualified employers to make application to the Tax Commission, provides for income tax credit, specifies tax credit amount, imposes limitation on taxable years for which tax credit may be claimed, prohibits reduction of tax liability to less than zero, authorizes qualified employers to participate in designated economic incentives.

OK S 261
Status: Enacted, Chap. 163
Relates to election security, relates to the security of election materials, coercion, and election emergencies, authorizes post election audits for certain purposes, provides procedures, specifies the duties of the Secretary of State Election Board and the Secretary of County Election Board, specifies requirements relating to office space and arrangements for county election boards, prohibits providing false or misleading information to prevent registration or voting.

OK S 584
Status: Enacted, Chap. 331
Relates to public finance, relates to security risk assessments, establishes requirements for information security audit conducted by certain firm under certain basis, requires Information Services Division to assist in repairing vulnerabilities, provides an exception for certain agencies subject to certain mandatory cybersecurity standards, requires submission of information security audit findings, modifies requirement for submission of findings within certain time.

OK S 746
Status: Pending - Carryover
Relates to income tax credits, establishes tax credits for certain software or cybersecurity employees, provides a specified amount for the credit, imposes a maximum number of taxable years for which the credit may be claimed, prohibits the use of the credit to reduce tax liability below a certain amount, provides for certain qualified employers to make application to the State Tax Commission.
 

Oregon


OR H 2395
Status: Enacted, Chap. 193
Requires person that manufactures, sells or offers to sell connected device to equip connected device with reasonable security features that protect information that connected device collects, contains, stores or transmits from access, destruction, modification, use or disclosure that consumer does not authorize.

OR H 3109
Status: Failed
Directs Oregon Business Development Department to study tax incentives for cyber security businesses and to report its findings to interim legislative committees related to economic development.

OR H 3233
Status: Failed
Establishes program to improve cyber security of systems used to administer elections by encouraging independent technical experts, in cooperation with state election officials, local government election officials and election service providers, to identify and report election cyber security vulnerabilities.

OR S 818
Status: Failed
Establishes program to improve cybersecurity of systems used to administer elections by encouraging independent technical experts, in cooperation with state election officials, local government election officials and election service providers, to identify and report election cybersecurity vulnerabilities.

OR SCR 4
Status: Failed
Declares policy of the state concerning cybersecurity risks and need for proactive cybersecurity risk management.
 

Pennsylvania


PA H 140
Status: Pending
Provides appropriations from the General Fund for the expenses of the Executive, Legislative and Judicial Departments of the Commonwealth, the public debt and the public schools for the fiscal year July 1, 2019, to June 30, 2020, and for the payment of Bills incurred and remaining unpaid at the close of the fiscal year ending June 30, 2019, provides appropriations from special funds and accounts to the Executive and Judicial Departments.

PA H 225
Status: Pending
Amends the act, known as The Administrative Code of 1929, in organization of departmental administrative boards and commissions and of advisory boards and commissions, provides for Cyber security Innovation Commission.

PA S 487
Status: Pending
Amends the act of December 22, 2005, known as the Breach of Personal Information Notification Act, provides for title of act, for definitions and for notification of breach, prohibits employees of the Commonwealth from using nonsecured Internet connections, provides for Commonwealth policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996.

PA S 810
Status: Pending
Relates to boards and offices; provides for information technology; establishes the Office of Information Technology and the Information Technology Fund; provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee; imposes duties on the Office of Information Technology; imposes penalties.

Rhode Island


RI H 5480
Status: Failed - Adjourned
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features.

RI H 5987
Status: Failed - Adjourned
Criminalizes accessing the user account of another person without consent for the purpose of viewing or using information maintained on any electronic database, website, or account, with each instance constituting a separate offense.

RI S 537
Status: Failed - Adjourned
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features.

 

South Carolina


SC H 4293
Status: Pending - Carryover
Establishes the state Election Security Council, provides for the council's composition, duties, powers, and responsibilities, provides that after the effective date of this act, all voting systems used in the state shall utilize a paper based system using paper ballots tabulated by optical scanners as the ballot of record, requires the General Assembly to appropriate the funds necessary to purchase the voting systems required by this section.

SC S 374
Status: Pending - Carryover
Establishes the state Election Security Council, provides for the council's composition, duties, powers, and responsibilities, provides that after the effective date of this act all voting systems used in the state shall utilize a paper-based system using paper ballots tabulated by optical scanners as the ballot of record, requires the general assembly to appropriate the funds necessary to purchase the voting systems required by this section.
 

Texas


TX H 1
Status: Enacted, Chap. 1353
Provides for appropriations for cybersecurity.

TX H 350
Status: Failed - Adjourned
Relates to the composition of the cybersecurity council.

TX H 351
Status: Failed - Adjourned
Relates to emergency management for cyber attacks against this state.

TX H 904
Status: Failed - Adjourned
Relates to requiring The University of Texas at San Antonio to conduct a study regarding cyber attacks against financial institutions in this state.

TX H 1421
Status: Enacted, Chap. 1069
Relates to cybersecurity of voter registration lists and other election-related documents, systems, and technology, provides that the secretary of state shall adopt rules defining classes of protected election data and establishing best practices for identifying and reducing risk to the electronic use, storage, and transmission of election data and the security of election systems.

TX H 2401
Status: Failed - Adjourned
Relates to the requirement that state agency employees complete cyber security awareness training.

TX H 2591
Status: Failed - Adjourned
Relates to a cybersecurity monitor for certain electric utilities.

TX H 2689
Status: Failed - Adjourned
Relates to the designation of a cybersecurity coordinator by each school district.

TX H 2984
Status: Enacted, Chap. 1149
Revises provisions relating to the essential knowledge and skills of the technology applications curriculum, establishes the Computer Science Strategic Advisory Committee to increase computer science instruction and participation in public schools.

TX H 3377
Status: Failed - Adjourned
Relates to a cyber security monitor for certain electric utilities.

TX H 3834
Status: Enacted, Chap. 1308
Revises provisions relating to the requirement that certain state and local government employees and state contractors complete a cybersecurity training program certified by the State Cybersecurity Coordinator.

TX H 4214
Status: Failed - Adjourned
Relates to matters concerning governmental entities, including cyber security, governmental efficiencies, information resources, and emergency planning.

TX H 4539
Status: Failed - Adjourned
Relates to elections.

TX H 4597
Status: Failed - Adjourned
Relates to cybersecurity of state agencies.

TX HR 2180
Status: Adopted
Appropriates funds for the purpose of providing security vulnerability and penetration testing services and information security assessments to state agencies and institutions of higher education.

TX S 1
Status: Failed - Adjourned
Provides for appropriations for cybersecurity.

TX S 9
Status: Failed - Adjourned
Relates to election integrity, increases criminal penalties, creates a criminal offense, creates civil penalties.

TX S 64
Status: Enacted
Establishes strategies to incentivize cybersecurity degree programs, provides for the coordination of cybersecurity coursework development, revises provisions relating to information sharing, requires the State Cybersecurity Coordinator to develop best practices for cybersecurity, provides for cybersecurity coordination programs for utilities.

TX S 820
Status: Enacted, Chap. 605
Requires a school district to develop and maintain a cybersecurity framework.

TX S 936
Status: Enacted, Chap. 610
Revises provisions relating to the Cybersecurity Monitor Program for electric utilities, requires the Public Utilities Commission to contract with an entity to act as the Commission's Cybersecurity Monitor, authorizes an electric utility, municipally owned utility, or electric cooperative to participate or discontinue participation in the Cybersecurity Monitor Program.

TX S 1779
Status: Failed - Adjourned
Relates to security for state agency information and information technologies.

TX S 1785
Status: Failed - Adjourned
Relates to the composition of the cybersecurity council.

TX S 1985
Status: Failed - Adjourned
Relates to the regulation of certain health organizations certified by the State Medical Board, provides an administrative penalty.

 

Virginia

VA H 1700
Status: Enacted, Chap. 854
Amends the Budget Bill, provides funding for cybersecurity programs.

VA H 2178
Status: Enacted, Chap. 426
Relates to the voter registration system, relates to security plans and procedures, relates to remedying security risks, directs the State Board of Elections to promulgate regulations and standards necessary to ensure the security and integrity of the voter registration system and the supporting technologies utilized by the counties and cities to maintain and record registrant information, requires local electoral boards to develop and update annually written plans.

VA H 2332
Status: Enacted, Chap. 399
Requires the State Corporation Commission to convene a stakeholder group on consumer data protection issues.

VA H 2519
Status: Failed
Relates to Virginia Information Technologies Agency, relates to a cybersecurity task force, establishes a cybersecurity task force to assist the Chief Information Officer (CIO) of the Virginia Information Technologies Agency in developing policies, standards, and guidelines applicable to the Commonwealth's executive, legislative, and judicial branches and independent agencies for assessing security risks, determining the appropriate security measures and performing security audits.

VA H 2534
Status: Failed
Relates to Virginia Information Technologies Agency, relates to required information security training program for state employees, requires the Chief Information Officer of the Virginia Information Technologies Agency to develop and annually update a curriculum and materials for training all state employees in information security awareness and in proper procedures for detecting, assessing, reporting, and addressing information security threats by November 1, 2019.

VA H 2787
Status: Failed
Relates to state voter registration system, relates to security plans and procedures, relates to remedying security risks.

VA H 2793
Status: Failed
Relates to cybersecurity, relates to care and disposal of customer records, relates to security for connected devices, requires any business to take all reasonable steps to dispose of, or arrange for the disposal of, customer records within its custody or control containing personal information when the records are no longer to be retained by the business by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable.

VA HJR 628
Status: Failed
Relates to Virginia Freedom of Information Advisory Council, relates to threat of phishing attacks, relates to reporting, directs the Virginia Freedom of Information Advisory Council (FOIA Council) to study the threat of phishing attacks on citizens and public employees whose contact and private information is legally obtained as a result of a Freedom of Information Act (FOIA) request, provides that the study further directs the FOIA Council to examine the current FOIA provisions.

VA S 966
Status: Enacted, Chap. 296
Relates to electric utility regulation, provides for grid modernization and energy efficiency programs, provides for rate review proceedings and transitional rate periods, provides for energy storage facilities, relates to electric distribution grid transformation projects, and wind and solar generation facilities, relates to coal combustion by-product management, relates to undergrounding electrical transmission lines, relates to fuel factor.

VA S 1233
Status: Enacted, Chap. 302
Relates to the administration of government, prohibits public bodies from using products and services provided by Kaspersky Lab, requires the State Information Technologies Agency to review statewide procedures for implementing such a prohibition and to prepare a report with recommendations for the Governor and General Assembly.

VA H 5001a
Status: Enacted, Chap. 1
Revises the budget bill; makes appropriations to various state agencies and programs, including cybersecurity programs.

VA H 5002a
Status: Enacted, Chap. 2
Revises the budget bill; makes appropriations to various state agencies and programs, including cybersecurity programs.

Vermont


VT H 135
Status: Enacted, Chap. 49
Relates to the authority of the Agency of Digital Services.

VT H 157
Status: Pending - Carryover
Relates to adopting minimum security standards for connected devices.

VT S 110
Status: Pending - Carryover
Requires a report concerning the three branches of state government and the management of personally identifiable information. Relates to security of student information.

Washington


WA H 1109
Status: Enacted, Chap. 415
Makes operating appropriations for the upcoming biennium, including appropriations for the office of cybersecurity.

WA H 1126
Status: Enacted, Chap. 205
Enables electric utilities to prepare for the distributed energy future, proposes monitoring, control, and metering upgrades that are supported by a business case identifying how those upgrades will be leveraged to provide net benefits for customers, provides for cybersecurity and data privacy practices to the changing distribution system and the internet of things, including an assessment of the costs associated with ensuring customer privacy.

WA H 1251
Status: Pending - Carryover
Concerns security breaches of election systems or election data including by foreign entities.

WA H 1840
Status: Pending - Carryover
Concerns the removal of payment credentials and other sensitive data from state data networks.

WA H 2111
Status: Pending - Carryover
Concerns enhancing cybersecurity by eliminating the return of ballots by fax and email.

WA S 5153
Status: Pending - Carryover
Makes 2019-2021 biennium operating appropriations, including for the office of cyber security.

 

West Virginia


WV H 2452
Status: Enacted, Act 123
Creates the West Virginia Cybersecurity Office, relates to cybersecurity of state government, removes the requirement for the Chief Technology Officer to oversee security of government information, provides for the Chief Information Security Officer to oversee the Cybersecurity Office, authorizes the Chief Information Security Officer to create a cybersecurity framework and to assist and provide guidance to agencies in cyber risk strategy.

WV S 314
Status: Failed - Adjourned
Relates to cybersecurity of state government.
 

Puerto Rico


PR H 92
Status: Pending - Carryover
Creates the Investigative Cyber Crimes Unit under the Department of Justice which will be in charge of investigating and prosecuting serious and less serious crimes and/or misdemeanors related to the right to privacy, ownership, identity and security in commercial transactions, when committed using electronic means, such as the Internet and the computer.

PR HR 246
Status: Adopted
Orders the House Committee on Public Security to investigate the feasibility of establishing a forensic laboratory in cyber crimes, similar to that of the Immigration and Customs Enforcement, which provides primary services to state agencies.

PR HR 367
Status: Pending - Carryover
Orders the House Committee on Public Safety to assess the feasibility of establishing a forensic laboratory in cyber crimes, similar to that of the Immigration and Customs Enforcement, which provides services exclusively to state agencies.

PR HR 257
Status: Pending - Carryover
Orders the House Committees on Finance and Public Security to investigate the information systems of the Department of the Treasury, its maintenance and the reasons for a cyber virus that caused on Monday, January 6 of 2017 the Department of the Treasury to raise about $20 million, determines if the information from taxpayers and the government hosted on the servers of the Department of the Treasury was affected as a result of this cyber virus.

PR HR 475
Status: Pending - Carryover
Orders the House Committee on Public Safety to research the cyber security practices and policies of the executive departments and agencies of the Government, with urgency in the Department of the Treasury, the State Department and Department of Public Safety.

PR SR 158
Status: Adopted
Orders the Senate Committee on Finance to study cyber attacks on the electronic systems of the Department of the Treasury and the Municipal Revenues Collection Center; studies the effect of this incident on the fulfilment of the functions of these agencies regarding any information, either from the Government or its taxpayers, that was affected; studies preventive measures to be established to keep this from happening again.

 
