Cybersecurity Legislation 2021

6/22/2021

cybersecurity

Overview

The COVID-19 pandemic caused disruption and major shifts in the way government and businesses operated in the past year. Cybersecurity risks increased due to the sudden move to a remote workforce that often had fewer and less robust security measures in place. Cybercriminals found ways to take advantage of these conditions and of people's fears related to the coronavirus.

Recent unprecedented cyberattacks, such as the Solarwinds incident, which breached many company and federal and state government systems, also have kept cybersecurity a priority for many state lawmakers. 

2021 Introductions

At least 45 states and Puerto Rico introduced or considered more than 250 bills or resolutions that deal significantly with cybersecurity. Some of the issues seeing the most legislative activity include measures:

  • Requiring government agencies to implement cybersecurity training, to set up and follow formal security policies, standards and practices, and to plan for and test how to respond to a security incident.
  • Regulating cybersecurity within the insurance industry or addressing cybersecurity insurance.
  • Creating task forces, councils or commissions to study or advise on cybersecurity issues.
  • Supporting programs or incentives for cybersecurity training and education. 

States are also addressing cyber threats through appropriations. Not all cybersecurity appropriations are listed here, although significant funding or funding for specific statewide mandates or state projects may be listed. Other related security issues include election security (see NCSL's Elections database) and cybersecurity threats to the energy infrastructure and other critical infrastructure (see NCSL's Energy Program resources). Other NCSL resources address related topics such as security breach laws and legislation, privacy and other issues. 

 

2021 Cybersecurity Legislation

Alaska

AK H.B. 3
Status: Pending--carryover
Relates to the definition of disaster.

Alabama

AL S.B. 165
Status: Failed--adjourned
Public records, Alabama Public Records Act created, method of request for public records and manner of appeal, established, Office of Public Access Counselor, established, Sections 36-12-40, 36-12-41 repealed.

AL SJR 124
Status: Enacted
Recognizes Cybersecurity Awareness Month in October 2021.

Arizona

AZ S.B. 1159
Status: Pending
Relates to technical correction, relates to electromagnetic pulse preparedness.

Arkansas

AR S.B. 149
Status: Enacted
Amends the Fair Mortgage Lending Act. Provides that a mortgage broker, mortgage banker, or mortgage servicer required to be licensed shall establish, implement, update, and enforce written physical security and cybersecurity policies and procedures reasonably designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information.

California

CA A.B. 128
Status: To Governor
Makes appropriations for the support of state government for the 2021-22 fiscal year, including $2,000,000 to be used to establish and operate the Office of Elections Cybersecurity. Activities performed by the Office of Elections Cybersecurity are intended to be specific to elections and shall be designed so as to minimize overlap and in coordination with statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. Also appropriates up to $925,000 for the California Cybersecurity Integration Center. Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security. Appropriates $10,000,000 to address deferred maintenance projects that represent critical infrastructure deficiencies.

CA  A.B. 327
Status: Pending (cybersecurity provisions below were amended out in current version)
Add the California Privacy Protection Agency as one of the organizations whose representatives comprise the California Cybersecurity Integration Center. Declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020.

CA A.B. 581
Status: Pending
Requires all state agencies, as generally defined, to review and implement specified National Institute of Standards and Technology (NIST) guidelines for, among other things, reporting, coordinating, publishing, and receiving information about a security vulnerability relating to information systems and the resolution thereof, no later than July 1, 2022.

CA A.B. 809
Status: Pending
Requires state agencies not covered by the policies and procedures issued by the Office of Information Security within the Department of Technology to adopt and implement information security and privacy policies, standards, and procedures based upon standards issued by the National Institute of Standards and Technology and the Federal Information Processing Standards.

CA A.B. 953
Status: Pending
Requires the Department of Fish and Wildlife to separately track and account for all revenues collected under the above filing fee provision and all costs incurred in its role as a responsible agency or trustee agency under the California Environmental Quality Act.

CA A.B. 1352
Status: Pending
Authorizes the Military Department, at the request of a local educational agency, to perform an independent security assessment of the local educational agency, or an individual schoolsite under its jurisdiction, the cost of which to be funded by the local educational agency, as specified.

CA A.B. 1403
Status: Pending
Relates to emergency services. Includes a deenergization event, defined as a planned power outage, as specified, within those conditions constituting a state of emergency and a local emergency.

CA S.B. 52
Status: Pending
Expands the definition of sudden and severe energy shortage to include a deenergization event, defined as a planned power outage, as specified, and would make a deenergization event one of those conditions constituting a state of emergency and a local emergency.

CA S.B. 468
Status: Pending
Includes an electromagnetic pulse attack among those conditions constituting a state of emergency or local emergency.

Colorado

CO H.B.1236
Status: Enacted
Concerns the modification of certain statutory provisions to reflect the current state information technology environment. Provides that the Colorado cybersecurity council may develop a whole-of-state cybersecurity approach for the state and for local governments, including the coordination and setting of strategic statewide cybersecurity goals, roadmaps, and best practices. The council also may review the need to conduct risk assessments of local government systems and providing additional cybersecurity services to local governments.

Connecticut

CT H.B. 5868
Status: Failed
Requires an online listing of all cyberattacks or data breaches in the state, establishes a central location that lists all cyberattacks or data breaches in the state.

CT H.B. 6161
Status: Failed
Creates a tax safe harbor for business entities adopting a recognizable best practice cybersecurity plan.

CT H.B. 6607
Status: To Governor
Incentivizes the adoption of cybersecurity standards for businesses by allowing businesses that adopt certain cybersecurity framework to plead an affirmative defense to any cause of action that alleges that a failure to implement reasonable cybersecurity controls resulted in a data breach concerning personal or restricted information.

CT S.B. 4
Status: Failed
Requires the Public Utilities Regulatory Authority to apply net neutrality principles to broadband Internet access service providers and enforce such principles with civil penalties, directs the authority to conduct studies on cybersecurity and data privacy laws in the state, extends the crime of stalking in the second degree to certain electronic disclosures of personal identifiable information without consent.

CT S.B. 719
Status: Failed
Establishes a task force to study and develop recommendations concerning protection from, and prevention of, cyber attacks.

CT S.B. 720
Status: Failed
Concerns data privacy, net neutrality, cyber security and fairness in data usage in the new age of a digital workforce, protects the economy and online learning from data breaches and limits on broadband usage.

Florida

FL H 971
Status: Failed
Relates to public records, relates to consumer data privacy, provides exemption from public records requirements for information relating to investigations by Department of Legal Affairs and law enforcement agencies of certain data privacy violations, provides for future review and repeal, provides statement of public necessity.

FL H.B. 1137
Status: To Governor
Relates to information technology procurement, requires Department of Management Services (DMS) to establish project management and oversight standards for state agency compliance and perform project oversight on it projects, requires department to issue request for quotes to vendors approved to provide commodities or services, requires Department of Management Services (DMS) to prequalify firms and individuals to provide services on state term contract.

FL H.B. 1297
Status: Enacted
Relates to cybersecurity, requires audit plans of inspector general to include certain information, revises provisions to replace references to it and computer security with references to cybersecurity, provides and revises requirements for Department of Management Services, acting through State Digital Service, creates State Cybersecurity Advisory Council within Department of Management Services, provides purpose of council.

FL H.B. 5001
Status: Failed
Relates to General Appropriations Act, provides moneys for annual period beginning specified date, and ending specified date, and supplemental appropriations for period ending specified date, to pay salaries and other expenses, capital outlay-buildings and other improvements, and for other specified purposes of various agencies of state government.

FL S.B. 1448
Status: Failed
Relates to Information Technology Procurement, requires the Department of Management Services, through the Florida Digital Service, to establish certain project management and oversight standards for state agency compliance, requiring the department to perform project oversight on information technology projects that have total project costs of a certain amount or more.

FL S.B. 1900
Status: Failed
Relates to cybersecurity, requires certain audit plans of an inspector general to include certain information, revises provisions to replace references to information technology security and computer security with references to cybersecurity, provides that certain employees shall be assigned to selected exempt service, creates the Florida Cybersecurity Advisory Council within the Department of Management Services.

FL S.B. 7064
Status: Failed
Relates to public records/investigations by the department of legal affairs; provides an exemption from public records requirements for information relating to investigations by the Department of Legal Affairs and law enforcement agencies of certain data privacy violations; provides for future legislative review and repeal of the exemption; provides a statement of public necessity.

FL S.B. 7074
Status: Enacted
Relates to public records or social media platform activities, provides a public records exemption for information received by the Attorney General pursuant to an investigation by the Attorney General or a law enforcement agency into certain social media platform activities, provides a public records exemption for information received by the Department of Legal Affairs pursuant to an investigation by the department.

Georgia

GA H.B. 134
Status: Enacted
Relates to open and public meetings, so as to exclude meetings relating to cybersecurity contracting and planning from open meeting requirements, relates to inspection of public records, so as to provide an exemption for certain documents relating to cybersecurity plans and systems, provides for related matters, provides for an effective date, repeals conflicting laws.

GA H.B. 156
Status: Enacted
Relates to military, emergency management, and veterans affairs, so as to provide for additional powers and duties related to homeland security and the military, facilitates the sharing of information and reporting of cyber attacks, requires governmental agencies and utilities to report any cyber attacks to the director of emergency management and homeland security, provides for certain reports and records related to cyber attacks to be exempt from public disclosure, relates to workforce development.

GA H.B. 159
Status: Pending--carryover
Relates to military, emergency management, and veterans affairs, so as to establish the State Cybersecurity Review Board, provides for membership and duties of the board, provides for definitions, requires the board, in conjunction with the Georgia Technology Authority, to establish cybersecurity training for employees of all state agencies, provides for adverse employment action if such training is not completed.

GA H.B. 260
Status: Pending--carryover
Relates to selling and other trade practices, so as to provide for legislative findings, provides standards for cybersecurity programs to protect businesses from liability, provides for affirmative defenses for data breaches of private information, provides for related matters, provides for an effective date, repeals conflicting laws.

GA S.B. 52
Status: Pending--carryover
Relates to selling and other trade practices, so as to provide for legislative findings, provides standards for cybersecurity programs to protect businesses from liability, provides for affirmative defenses for data breaches of private information, provides for related matters, provides for an effective date, repeals conflicting laws.

Hawaii

HI H.B. 454
Status: Pending--carryover
Establishes an income tax credit for investment in qualified businesses that develop cybersecurity and artificial intelligence.

HI H.B. 739
Status: Pending--carryover
Requires manufacturers of connected devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices.

HI H.B. 946
Status: Pending--carryover
(Governor Bill Package) Adopts the national conference of insurance commissioners' insurance data security model law to establish insurance data security standards for state insurance licensees.

HI H.B. 957
Status: Pending--carryover
(Governor Bill Package) Establishes the Hawaii state fusion center as a program under the office of homeland security as described in chapter 128a, Hawaii Revised Statutes, establishes the position of Hawaii state fusion center director.

HI S.B. 1002
Status: Pending--carryover
Requires manufacturers of connected devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices.

HI S.B. 1100
Status: To Governor
(Governor Bill Package) Enacts the National Association of Insurance Commissioners' Insurance Data Security Model Law to establish insurance data security standards for Hawaii insurance licensees.

HI S.B. 1111
Status: Pending--carryover
(Governor Bill Package) Establishes the state fusion center as a program under the Office of Homeland Security, establishes the position of state state fusion center director who shall be state funded responsible to the Director of Homeland Security and accountable to manage the operations of the center.

Iowa

IA D 1335
Status: Pending--carryover
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the commissioner of insurance, makes penalties applicable, includes effective date provisions.

IA H.B. 719
Status: Enacted
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.

IA H.B. 861
Status: Enacted
Relates to appropriations to the justice system, gambling regulatory fees, and creating a bureau of cyber-crime, establishing a department of corrections survivor benefits fund, and including effective date and retroactive applicability provisions.

IA HSB 198
Status: Pending--carryover
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.

IA S.B. 553
Status: Failed
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.

IA SSB 1190
Status: Pending--carryover
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.

Idaho

ID H.B. 147
Status: Failed
Enacts the Insurance Data Security Act, establishes provisions regarding an information security program, provides for investigation and notice of a cybersecurity event, provides that the director of the department of insurance will have the power to examine and investigate certain matters, provides for confidentiality and sharing of documents, materials, and other information, provides exceptions, provides that the chapter does not create a private cause of action, provides for penalties.

Illinois

IL H.B. 1588
Status: Pending
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.

IL H.B. 2869
Status: Pending
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act.

IL H.B. 3030
Status: Pending
Creates the Cybersecurity Compliance Act, creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, prescribes requirements for the cybersecurity program.

IL H.B. 3040
Status: Pending
Creates the Insurance Data Security Act, requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance Laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures.

IL H.B. 3204
Status: Pending
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.

IL H.B. 3523
Status: To Governor
Amends the Emergency Management Agency Act, expands the definition of disaster to include a cyber attack.

IL H.B. 3731
Status: Pending
Amends the Department of Innovation and Technology Act, requires the Department of Innovation and Technology to work to ensure the security of the social media and Internet presence of state elected officials and state agencies and, to the extent possible, reserve the use of State government online accounts, whether social media or email, for use only by state officials, state agencies, and employees thereof, to prevent false personation, provides for the adoption of rules, defines false personation.

IL H.B. 4074
Status: Pending
Creates the Consumers and Climate First Act, provides that it is the policy of the state to transition to 100% clean energy by 2050, amends the Governmental Ethics Act, expands the information required to be provided on a statement of economic interests to include employment by a public utility, amends the Enterprise Zone Act, expands, in provisions relating to High Impact Businesses, the definition of new electric generating facility to include a new utility scale solar power facility.

IL S.B. 350
Status: Pending
Amends the Freedom of Information Act, exempts from disclosure risk and vulnerability assessments, security measures, schedules, certifications, and response policies or plans that are designed to detect, defend against, prevent, or respond to potential cyber attacks upon the state's or an election authority's network systems, or records that the disclosure of which would, in any way, constitute a risk to the proper administration of elections or voter registration.

IL S.B. 825
Status: Enacted
Amends the Election Code, relates to cybersecurity, requires each election authority maintaining a website to begin utilizing a .gov website address and a .gov electronic mail address for each employee.

IL S.B. 2506
Status: Pending
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act.

IL S.B. 2896
Status: Pending
Creates the Consumers and Climate First Act, provides that it is the policy of the state to transition to 100% clean energy by 2050, amends the Governmental Ethics Act, expands the information required to be provided on a statement of economic interests to include employment by a public utility, amends the Enterprise Zone Act, expands, in provisions relating to High Impact Businesses, the definition of new electric generating facility to include a new utility scale solar power facility.

Indiana

IN H.B. 1169
Status: Enacted
Relates to cybersecurity incidents, requires the office of technology to maintain a repository of cybersecurity incidents, provides that a state agency and a political subdivision shall report any cybersecurity incident to the office without unreasonable delay and not later than two business days after discovery of the cybersecurity incident in a format prescribed by the chief information officer, allows the office of technology to assist a state agency with certain issues concerning information technology.

Kansas

KS H.B. 2292
Status: Pending--carryover
Creates exemptions in the Open Records Act for cyber security assessments, plans and vulnerabilities.

KS H.B. 2390
Status: Enacted
Makes permanent certain exceptions to the disclosure of public records under the Open Records Act.

KS S.B. 250
Status: Pending--carryover
Amends the state Cybersecurity Act, requires security training for all state agencies, provides for certain information to be provided to the Joint Committee on Information Technology.

Louisiana

LA H.B. 128
Status: Enacted
Provides relative to the powers and duties of the Cash Management Review Board with respect to financial security and cybersecurity plans and procedures adopted by state agencies, including the assessment and deployment of such plans and procedures.

LA H.B. 373
Status: Enacted
Establishes an exception to public records requirements for certain information by the Secretary of State.

LA H.B. 417
Status: Failed--adjourned
(Constitutional Amendment) Revises Article VII of the Constitution of Louisiana.

LA H.B. 508
Status: Failed--adjourned
Dedicates funds to the State Cybersecurity and Information Technology Fund.

LA H.B. 607
Status: Enacted
Provides relative to the joint legislative committee on technology and cybersecurity.

LA HCR 108
Status: Adopted
Directs the Department of Economic Development to study and report on cyber-related issues.

LA S.B. 15
Status: Enacted
Provides relative to purchase of telecommunication and video equipment or services by all state agencies.

Massachusetts

MA H.B. 107
Status: Pending
Regulates privacy and technology in education.

MA H.B. 122
Status: Pending
Relates to cyber procurement insurance.

MA H.B. 349
Status: Pending
Relates to the security of personal financial information.

MA H.B. 3132
Status: Pending
Establishes a task force to study the need for increased cyber security within government agencies.

MA H.B. 3133
Status: Pending
Relates to cybersecurity standards in state contracts or procurements.

MA S.B. 55
Status: Pending
Relates to cyber crime prevention in schools.

MA S.B. 2088
Status: Pending
Establishes a Cybersecurity Control and Review Commission.

MA HD 573
Status: Pending
Ensures cyber security in the Commonwealth.

MA HD 582
Status: Pending
Relates to cybersecurity standards in government procurements.

MA HD 2720
Status: Pending
Relates to cyber procurement insurance.

MA SD 399
Status: Pending
Establishes a Cybersecurity Control and Review Commission.

MA SD 2327
Status: Pending
Relates to cyber crime prevention in schools.

Maryland

MD H.B. 38
Status: Failed--adjourned
Relates to the Department of Information Technology.

MD H.B. 148
Status: Failed--adjourned
Relates to the Personal Information Protection Act.

MD H.B. 425
Status: Enacted
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility or a public school, prohibits a person from knowingly possessing certain ransomware with the intent to use the ransomware for purposes of introduction into a computer, network or system of another person, alters and establishes certain penalties, authorizes a victim of a certain offense to bring a civil action for damages against a certain person.

MD H.B. 587
Status: Failed--adjourned
Requires each unit of State government to submit a certain report related to information technology and cybersecurity to the Department of Information Technology on or before a certain date each year, establishes the required contents of certain reports, requires the Department to compile and analyze certain information and report to each unit of State government and the General Assembly certain information and recommendations by a certain date of each year.

MD H.B. 717
Status: Failed--adjourned
Provides for the target per pupil foundation amount in fiscal year 2022, requires each county board of education to use not less than 7% of the target per pupil foundation amount to provide certain technology resources to students, authorizes a local school system, at the end of each fiscal year, to hold unused funds in a special fund to be used in a subsequent fiscal year, requires a county board that allocates certain funding to follow certain information technology security standards.

MD H.B. 824
Status: Failed--adjourned
Requires the State Department of Education, the Behavioral Health Administration within the Maryland Department of Health, the Maryland Center for School Safety, and the Department of Information Technology jointly to develop and publish a cyber safety guide and training course on safe Internet, social media, and technology usage for certain students, parents, and school employees to be implemented beginning in the 2022-2023 school year, requires the guide to be posted on certain websites.

MD H.B. 879
Status: Failed--adjourned
Establishes the Cybersecurity Coordination and Operations Office within the Maryland Emergency Management Agency to help improve statewide cybersecurity readiness and response, requires the Director of MEMA to appoint an Executive Director as head of the Office, requires the Office to be provided with sufficient staff to perform the Office's functions.

MD H.B. 1129
Status: Failed--adjourned
Requires the Department of Information Technology, in coordination with the Maryland Cybersecurity Council, to develop criteria for the certification of certain cybersecurity training programs for use by State and local government employees required to complete cybersecurity training each year, certify at least 20 programs, review and update certain certification standards at certain times, and maintain a list of all certified programs on its website.

MD H.B. 1306
Status: Failed--adjourned
Alters the duties of the Maryland Cybersecurity Council to include monitoring and evaluating certain election security measures and high-speed Internet access in the State, requires the Council to make recommendations concerning any legislative changes considered necessary by the Council to address election security and high-speed Internet access.

MD S.B. 49
Status: Enacted
Relates to cybersecurity. Requires the Secretary of Information Technology to advise and oversee a consistent cybersecurity strategy for certain units of state government. Requires the Secretary to advise and consult with the Legislative and Judicial branches of state government regarding a cybersecurity strategy. Requires the Secretary to develop guidance on consistent cybersecurity strategies for certain political subdivisions of the state.

MD S.B. 69
Status: Failed--adjourned
Relates to the emergency management agency.

MD S.B. 112
Status: Failed--adjourned
Relates to the Personal Information Protection Act.

MD S.B. 160
Status: Enacted
Relates to the Cybersecurity Investment Incentive Tax Credit Program.

MD S.B. 231
Status: Failed--adjourned
Relates to cyber safety guide and training course.

MD S.B. 348
Status: Failed
Relates to information technology.

MD S.B. 351
Status: Failed--adjourned
Relates to protection of information.

MD S.B. 623
Status: Enacted
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility or a public school, prohibits a person from knowingly possessing certain ransomware with the intent to use the ransomware to restrict access by authorized persons and demanding payment to remove the ransomware, authorizes a victim of a certain offense to bring a civil action for damages against a certain person.

MD S.B. 734
Status: Failed--adjourned
Requires the Department of Information Technology to issue certain standards and guidelines for units of State government for the appropriate use and management of certain Internet of Things devices under certain circumstances, requires the Department to review and revise its standards and guidelines at least once every 5 years to ensure that they are at least as comprehensive as the standards and guidelines adopted by the Director of NIST.

MD S.B. 770
Status: Failed--adjourned
Provides for the target per pupil foundation amount in fiscal year 2022, requires each county board of education to use not less than 7% of the target per pupil foundation amount to provide certain technology resources to students, authorizes a local school system, at the end of each fiscal year, to hold unused funds in a special fund to be used in a subsequent fiscal year, requires a county board that allocates certain funding to follow certain information technology security standards.

MD S.B. 873
Status: Failed--adjourned
Requires the Department of Information Technology, in coordination with the Maryland Cybersecurity Council, to develop criteria for the certification of certain cybersecurity training programs for use by State and local government employees required to complete cybersecurity training each year, certify at least 20 programs, review and update certain certification standards at certain times, and maintain a list of all certified programs on its website.

MD S.B. 902
Status: Failed--adjourned
Establishes the Cyber Workforce Program in the Partnership for Workforce Quality Program, provides for the purpose of the Cyber Program, requires the Secretary of Commerce to direct the Cyber Program, requires the Secretary to establish certain criteria and priorities for assistance under the Cyber Program, requires the Secretary to submit a certain report on the operation and performance of the Cyber Program.

MD S.B. 917
Status: Failed--adjourned
Requires each unit of State government and certain local agencies to submit a certain report related to information technology and cybersecurity to the Department of Information Technology on or before September 1 each year, establishes the required contents of certain reports, requires the Department to compile and analyze certain information and report to each unit of State government and the General Assembly certain information and recommendations by December 31 each year.

MD S.B. 943
Status: Enacted
Relates to University of Maryland Strategic Partnership Act of 2016.

Maine

ME H.B. 17
Status: Enacted
Enacts the Maine Insurance Data Security Act, establishes standards for information security programs based on ongoing risk assessment for protecting consumers' personal information, establishes requirements for the investigation of and notification to the Superintendent of Insurance regarding cybersecurity events.

ME H.B. 672
Status: Enacted
Protects data privacy and security in elections, proposes to protect data privacy and security in elections.

ME LR 114
Status: Pending
Enacts the Maine Insurance Data Security Act.

ME LR 1607
Status: Pending
Protects data privacy and security in elections.

ME  3
Establishes the state of Maine Cybersecurity Advisory Council.


Michigan

MI H.B. 5036
Status: Pending
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website to House Communications and Technology Committee.

MI S.B. 520
Status: Pending
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website.

Minnesota

MN H.B. 6  (Special session)
Status: Pending
Relates to commerce, establishes a biennial budget for Department of Commerce, Public Utilities Commission, and energy activities, modifies various provisions governing insurance, modifies provisions governing collections agencies and debt Buyers, modifies and adds consumer protections, establishes and modifies provisions governing energy, renewable energy, and utility regulation, provides for certain salary increases, makes technical changes, establishes penalties, requires reports, appropriates money.

MN S.B. 19 (Special session)
Status: Pending
Relates to commerce, establishes a biennial budget for Department of Commerce, Public Utilities Commission, and energy activities, modifies various provisions governing insurance, modifies provisions governing collections agencies and debt Buyers, modifies and adds consumer protections, establishes and modifies provisions governing energy, renewable energy, and utility regulation, provides for certain salary increases, makes technical changes, establishes penalties, requires reports, appropriates money.

MN H.B. 66
Status: Pending--carryover
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments.

MN H.B. 1031
Status: Failed
Relates to commerce, establishes a biennial budget for Department of Commerce and energy activities, modifies various provisions governing and administered by the Department of Commerce, establishes a prescription drug affordability board and related regulations, modifies various provisions governing insurance.

MN H.B. 1913
Status: Pending--carryover
Relates to insurance, establishes an Insurance Data Security Law.

MN S.B. 972
Status: Pending--carryover
Relates to commerce, establishes a biennial budget for Department of Commerce and energy activities, modifies various provisions governing and administered by the Department of Commerce, establishes a prescription drug affordability board and related regulations, modifies various provisions governing insurance, establishes a student loan borrower bill of rights, modifies and adding consumer protections, modifies provisions governing collections agencies and debt buyers.

MN S.B. 1174
Status: Pending--carryover
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments, proposes coding for new law.

MN S.B. 1606
Status: Failed--carryover
Relates to insurance, establishes an Insurance Data Security Law.

MN S.B. 1846
Status: Pending--carryover
Relates to commerce, modifies various provisions governing or administered by the Department of Commerce, modifies allowance of reinsurance credit, establishes an insurance data security law, makes technical changes.

Missouri

MO H.B. 1204
Status: Failed--adjourned
Establishes the Missouri Cybersecurity Commission.

MO S.B. 49
Status: To Governor
Relates to public safety, modifies provisions relating to licensure as a boat dealer, modifies provisions relating to certain vessel registration and fees, adds restrictions for certain vessel anchorage at docks, provides a penalty, establishes the Missouri Cybersecurity Commission within the Department of Public Safety.

Mississippi

MS H.B. 633
Status: Enacted
Creates the Mississippi Computer Science and Cyber Education Equality Act, authorizes and directs the Mississippi Department of Education to implement a mandatory k 12 computer science curriculum based on the Mississippi College and Career Readiness Standards for computer science, which includes instruction in, but not limited to, computational thinking, cyber related, programming, cyber security, data science, robotics and other computer science and cyber related content.

MS S.B. 2678
Status: Failed
Creates the Mississippi Computer Science and Cyber Education Equality Act, authorizes and directs the Mississippi Department of Education to implement a mandatory K 12 computer science curriculum based on the state college and career readiness standards for computer science which includes instruction in, but not limited to, computational thinking, computer programming, cyber security, data science, robotics and other computer science and cyber related content.

MS  1
Creates a Task Force on State Cybersecurity, directs the Task Force to develop recommendations and proposals to identify vulnerabilities of systems, staffing, training and technologies with state agencies.

Montana

MT H.B. 10
Status: Enacted
Revises laws related to Information Technology Capital Projects, appropriates money for Information Technology Capital Projects for the biennium ending a specified date, provides for matters relating to the appropriations, provides for a transfer of funds from the general fund to the Long-Range Information Technology Program Account, provides for the development and acquisition of new information technology systems for the specified agencies.

MT H.B. 530
Status: Enacted
Requires the Secretary of State to adopt rules defining and governing election security; requires election security assessments by the Secretary of State and county election administrations; establishes that security assessments are confidential information; establishes reporting requirements; directs the Secretary of State to adopt rules prohibiting certain persons from receiving pecuniary benefits with respect to certain ballot activities; provides for penaltieS.

MT H.B. 614
Status: Enacted
Revises the workforce development provisions of the Health and Economic Livelihood Partnership act, establishes allowable uses of workforce development funding, requires contracting for training and education programs, extends rulemaking authority.

MT H.B. 930
Status: Enacted
Requires the Secretary of State to adopt rules defining and governing election security, requires election security assessments by the Secretary of State and county election administrations, establishes that security assessments are confidential information, establishes reporting requirements, directs the Secretary of State to adopt rules prohibiting certain persons from receiving pecuniary benefits with respect to certain ballot activities, provides for penalties.

MT  13
Continues the Montana Information Security Advisory Council.

Nevada

NV BDR 63
Status: Failed--adjourned
Revises provisions relating to cyber security.

New Hampshire

NH H.B. 137
Status: Failed
Exempts certain statewide standards and protocols relative to information technology, networks, telephony, and cyber security developed by the department of information technology from a specified rulemaking.

NH H.B. 425
Status: Enacted
Establishes certain technical committees and a cybersecurity advisory committee in the Department of Information Technology.

NH H.B. 487
Status: Failed
Establishes an information technology supply chain risk authority.

NH LSR 546
Status: Pending
Establishes the position of chief information security officer and deputy chief information security officer in the department of information technology.

NH LSR 643
Status: Failed
Relates to cyber security incident reporting and recommended cyber security standards for political subdivisions.

New Jersey

NJ A.B. 442
Status: Pending
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.

NJ A.B. 1378
Status: Pending
Directs New Jersey Cyber security and Communications Integration Cell to develop cyber security prevention best practices and awareness materials for consumers in this state.

NJ A.B. 1396
Status: Pending
Concerns information security standards and guidelines for state and local government.

NJ A.B. 1654
Status: Pending
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.

NJ A.B. 2083
Status: Pending
Establishes the crime of cyber interference, defined as tampering or interfering with any software, computer, cell phone, or any other electronic device, with the purpose to harass another.

NJ A.B. 2852
Status: Pending
Directs state Cybersecurity and Communications Integration Cell, Office of Information Technology, and state Big Data Alliance to develop advanced cyberinfrastucture strategic plan.

NJ A.B. 3308
Status: Pending
Clarifies the crime of unlawful access concerning certain password protected communications in electronic storage.

NJ A.B. 3684
Status: Pending
Requires state employees to receive best cybersecurity practices.

NJ A.B. 3834
Status: Pending
Concerns debarment of contractors for conviction of certain computer-related crimes.

NJ A.B. 3984
Status: Pending
Creates affirmative defense for certain breaches of security.

NJ A.B. 4825
Status: Pending
Revises cybersecurity, asset management, and related reporting requirements in Water Quality Accountability Act.

NJ AJR 40
Status: Pending
Urges Secretary of State to assure Legislature and public that State's electoral system is protected from foreign computer hackers.

NJ AJR 66
Status: Pending
Establishes Technology Task Force.

NJ AJR 153
Status: Pending
Designates October of each year as Cyber Security Awareness Month.

NJ S.B. 343
Status: Pending
Directs the state Cybersecurity and Communications Integration Cell, Office of Information Technology, and the state Big Data Alliance to develop an advanced cyberinfrastucture strategic plan.

NJ S.B. 647
Status: To Governor
Revises cybersecurity, asset management, and related reporting requirements in Water Quality Accountability Act.

NJ S.B. 1233
Status: Pending
Requires certain persons and business entities to maintain comprehensive information security program.

NJ S.B. 1619
Status: Pending
Clarifies crime of unlawful access concerning certain password protected communications in electronic storage.

NJ S.B. 2155
Status: Pending
Requires Economic Development Authority to establish program offering low interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure.

NJ S.B. 3062
Status: Pending
Creates affirmative defense for certain breaches of security.

NJ S.B. 3897
Status: Pending
Requires each principal department in Executive Branch and each State college to conduct review of department's or college's cybersecurity infrastructure and make recommendations.

New Mexico

NM H.B. 70
Status: Failed--adjourned
Relates to domestic terrorism, defines "denial of service attack", defines "school", "community center", "place of worship" and "public accommodation", creates the crimes of terrorism, cyberterrorism, possessing a terroristic weapon and making a terroristic threat, provides penalties, provides for concurrent jurisdiction of crimes under the antiterrorism act, requires information sharing and reporting.

New York

NY A.B. 749
Status: Pending
Authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self-certified and approved by the superintendent.

NY A.B. 3847
Status: Pending
Establishes the crime of disruption of an online public meeting when a person with intent to cause public inconvenience, annoyance or alarm, without lawful authority, and acting through a computer service, he or she disturbs any lawful assembly or meeting of persons open to the public conducted through a computer service, makes such crime a class B misdemeanor.

NY A.B. 3900
Status: Pending
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state.

NY A.B. 4490
Status: Pending
Enacts the "computer spyware protection act", prohibits the installation, transmission and use of computer software that collects personally identifiable information, authorizes the Attorney General to bring a civil action against any person who violates any provision of this section, seeks damages ranging from one thousand dollars to one million dollars.

NY A.B. 4567
Status: Pending
Establishes the School District Cyber Crime Prevention Services Program to provide school districts with information on strategies, best practices and programs offering training and assistance in the prevention of cyber crimes in school districts or otherwise affecting school districts, provides further that information on eligibility and applications for financial assistance be made available to school districts.

NY A.B. 4581
Status: Pending
Establishes the misdemeanor of interfering in the election process by electronic means.

NY A.B. 4640
Status: Pending
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.

NY A.B. 4892
Status: Pending
Creates the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony.

NY A.B. 6984
Status: Pending
Establishes civilian cyber security reserve Forces within the New York state militia to be capable of being expanded and trained to educate and protect state, county, and local government entities, critical infrastructure, including election systems, businesses and citizens of the state from cyber attacks, makes related provisions.
‚Äč
NY S.B. 118
Status: Pending
Establishes the misdemeanor of interfering in the election process by electronic means.

NY S.B. 348
Status: Pending
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.

NY S.B. 349
Status: Pending
Establishes the school district cyber crime prevention services program.

NY S.B. 2087
Status: Pending
Amends the Tax Law, relates to a business tax credit for purchase of data breach insurance.

NY S.B. 2652
Status: Pending
Amends the State Technology Law, requires governmental entities to implement multifactor authentication for local and remote network access.

NY S.B. 3213
Status: Pending
Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology Cybersecurity Framework.

NY S.B. 5410
Status: Pending
Elevates all computer tampering offenses by one degree in severity.

NY S.B. 6068
Status: Pending
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state.

NY S.B. 6154
Status: Pending
Creates a Cyber Security Enhancement Fund to be used for the purpose of upgrading cyber security in local governments, including but not limited to, villages, towns and cities with a population of one million or less, restricts the use of taxpayer moneys in paying ransoms in response to ransomware attacks.

North Carolina

NC H.B. 813
Status: Pending
Prohibits any state agency, unit of local government, or public authority from paying a ransom in connection with a cybersecurity incident and Clarifies the reporting of cybersecurity incidents to the department of information technology.

NC S.B. 621
Status: Pending
Appropriates additional funds to support a dedicated North Carolina Defense Cyber Office in the NC Military Business Center.

North Dakota

ND D 198
Status: Failed--adjourned
Relates to cybersecurity incident reporting requirements.

ND H.B. 1064
Status: Failed
Relates to the powers and duties of the information technology department.

ND H.B. 1314
Status: Enacted
Relates to cybersecurity incident reporting requirements.

ND H.B. 1417
Status: Enacted
Relates to the Powers and duties of the information technology department.

ND S.B. 2075
Status: Enacted
Relates to third party software access to insurance policy information.

Ohio

OH H.B. 116
Status: Pending
Enacts the Computer Crimes Act.

Oklahoma

OK H.B. 1759
Status: Enacted
Relates to crimes and punishments, relates to the Oklahoma Computer Crimes Act, modifies definition, defines term, expands scope of certain prohibited acts, makes certain acts unlawful, provides construing provision, provides an effective date.

Oregon

OR S.B. 293
Status: To Governor
Directs office of State Chief Information Officer to develop recommendations related to elevating consideration of privacy, confidentiality and data security measures in state government enterprise and shared information technology services, and to submit recommendations in report to certain interim committees of Legislative Assembly by specified date.

Pennsylvania

PA H.B. 40
Status: Pending
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the joint cybersecurity oversight committee, imposes duties on the office of information technology, provides for administration of statewide radio network, imposes penalties.

PA S.B. 482
Status: Pending
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee, imposes duties on the Office of Information Technology, provides for administration of Statewide Radio Network, imposes penalties.

PA H.B. 1362
Status: Pending
Provides for Cybersecurity Coordination Board.

PA H.B. 1397
Status: Pending
Amends the Public Utility Confidential Security Information Disclosure Protection Act, provides for procedures for submitting, challenging and protecting confidential security information, for applicability to other law and for prohibition.

Rhode Island

RI H.B. 5200
Status: Pending
Adopts the National Association of Insurance Commissioners Cybersecurity Act which establishes the current cybersecurity standard for insurers doing business in this state.

RI H.B. 6042
Status: Pending
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.

RI S.B. 340
Status: Pending
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features.

RI S.B. 835
Status: Pending
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.

Tennessee

TN H.B. 725
Status: Failed
Establishes the exclusive standards for data security, licensees' investigations of cybersecurity events, and licensees' notification of cybersecurity events to the commissioner and affected consumers; provides that a licensee is a person, as defined, and does not include a purchasing group or risk retention group chartered and licensed in another state or a person acting as an assuming insurer and domiciled in another state or jurisdiction.

TN H.B. 766
Status: Enacted
Establishes the exclusive standards for data security, licensees' investigations of cybersecurity events, and licensees' notification of cybersecurity events to the commissioner and affected consumers; provides that a licensee is a person, as defined, and does not include a purchasing group or risk retention group chartered and licensed in another state or a person acting as an assuming insurer and domiciled in another state or jurisdiction.

TN H.B. 925
Status: Enacted
Requires the state-level safety team to include cybersecurity policies and procedures in the template safety plan that Local Education Agencies must adopt as part of their comprehensive district-wide and building-level school safety plans.

TN S.B. 1211
Status: Enacted
Clarifies that wireless communication includes text messages sent and received on smart devices for purposes of the Anti-Phishing Act.

TN S.B. 1425
Status: Pending--carryover
Requires the state-level safety team to include cybersecurity policies and procedures in the template safety plan that Local Education Agencies must adopt as part of their comprehensive district-wide and building-level school safety plans.

Texas

TX H.B. 2
Status: Enacted
Relates to making supplemental appropriations and reductions in appropriations and giving direction and adjustment authority regarding appropriations.

TX H.B. 244
Status: Failed -adjourned
Relates to the establishment of a grant program for promoting computer science certification and professional development in coding, technology applications, and computer science for public school teachers.

TX H.B. 1118
Status: Enacted
Relates to state agency and local government compliance with cybersecurity training requirements.

TX H.B. 1180
Status: Failed--adjourned
Relates to the creation of the Fiscal Risk Management Commission.

TX H.B. 2065
Status: Failed--adjourned
Relates to the composition of the cybersecurity council.

TX H.B. 2066
Status: Failed--adjourned
Relates to emergency management for cybersecurity events threatening this state.

TX H.B. 2160
Status: Failed--adjourned
Relates to requiring the Department of Information Resources to conduct a study concerning the cybersecurity of small businesses.

TX H.B. 3298
Status: Failed--adjourned
Relates to computer science and technology applications in public schools, including the essential knowledge and skills of the technology applications curriculum, the establishment of a computer science strategic advisory committee, and the establishment of a computer science and technology applications professional development grant program for public school teachers.

TX H.B. 3390
Status: Enacted
Relates to the purchase of cybersecurity insurance coverage by the State Department of Transportation.

TX H.B. 3743
Status: Failed--adjourned
Relates to cybersecurity and privacy regarding distance learning in public schools and prohibiting ransomware payments by certain governmental entities.

TX H.B. 3791
Status: Failed--adjourned
Relates to the Powers and duties of the State Electric Grid Security and Emergency Preparedness Advisory Council.

TX H.B. 3792
Status: Failed--adjourned
Relates to protecting the population of the state, its environment, and its most vulnerable communities, promoting the resilience of the electric grid and certain municipalities.

TX H.B. 3892
Status: Failed--adjourned
Relates to matters concerning governmental entities, including cybersecurity, governmental efficiencies, information resources, and emergency planning.

TX H.B. 4018
Status: Enacted
relates to legislative oversight and funding of improvement and modernization projects for state agency information resource

TX H.B. 4071
Status: Failed--adjourned
Relates to the requirements for the purchase of endpoint devices by a state agency.

TX H.B. 4196
Status: Failed--adjourned
Relates to the development by the Public Utility Commission of the state of physical security and cybersecurity practices for certain utilities.

TX H.B. 4256
Status: Failed--adjourned
Relates to the duties and oversight of the Department of Public Safety's office of inspector general regarding the use of cyber technology and activity.

TX H.B. 4395
Status: Failed--adjourned
Relates to state and local governments requirements to report security incidents to the Department of Information Resources.

TX H.B. 4397
Status: Failed--adjourned
Relates to a cybersecurity monitor for certain electric utilities.

TX S.B. 345
Status: Failed--adjourned
Relates to state agency and local government compliance with cybersecurity training requirements.

TX S.B. 475
Status: Enacted
Relates to state agency and local government information security, including establishment of the state risk and authorization management program and the State volunteer incident response team, authorizes fees.

TX S.B. 851
Status: Enacted
Relates to the composition of the cybersecurity council.

TX S.B. 1367
Status: Enacted
Relates to the regulation of commercial property and casualty insurance and insurance for certain large risks.

TX S.B. 1606
Status: Failed--adjourned
Relates to protecting the population of the state, its environment, and its most vulnerable communities, promoting the resilience of the electric grid and certain municipalities.

TX S.B. 1696
Status: Enacted
Relates to establishing a system for the sharing of information regarding cyber attacks or other cybersecurity incidents occurring in schools in this state.

TX S.B. 1908
Status: Failed--adjourned
Relates to the purchase of cybersecurity insurance coverage by the State Department of Transportation.

TX S.B. 2116
Status: Enacted
Relates to prohibiting contracts or other agreements with certain foreign-owned companies in connection with critical infrastructure in this state.

TX S.B. 2134
Status: Failed--adjourned
Relates to certain standardization in cybersecurity degree programs offered by public institutions of higher education.

TX S.B. 2135
Status: Failed--adjourned
Relates to pathways to assist students in transitioning from high school to postsecondary education in cybersecurity.

TX S.B. 2231
Status: Failed--adjourned
Relates to the resilience of the electric grid and certain municipalities.

Utah

UT H.B. 80
Status: Enacted
Creates affirmative defenses to certain causes of action arising out of a breach of system security.

Virginia

VA H.B. 30
Status: Enacted
Relates to the Budget Bill, provides for all appropriations of the Budget submitted by the Governor, provides a portion of revenues for upcoming biennium.

VA H.B. 322
Status: Failed - adjourned
Relates to Virginia Information Technologies Agency, relates to Cybersecurity Advisory Council created, relates to report, creates the Cybersecurity Advisory Council to assist the Chief Information Officer (CIO) of the Virginia Information Technologies Agency with the development of policies, standards, and guidelines for assessing security risks, determining appropriate security measures, and performing security audits of government electronic information, provides that make recommendations to the CIO.

VA H.B. 524
Status: Failed
Relates to the register of volunteer cybersecurity and information technology professionals, directs the Secretary of Administration to establish a register of cybersecurity and information technology professionals interested in volunteering to assist localities and school divisions, in collaborating on workforce development, and in providing mentorship opportunities.

VA H.B. 852
Status: Enacted
Relates to the Information Technologies Agency, requires the Chief Information Officer of the Information Technologies Agency to develop and annually update a curriculum and materials for training all state employees in information security awareness and in proper procedures for detecting, assessing, reporting, and addressing information security threats.

VA H.B. 957
Status: Failed
Relates to Virginia Cyber Initiative Act, directs the Virginia Information Technologies Agency to work with public and private institutions of higher education, state agencies, and businesses in the Commonwealth to develop a cyber alliance, to be known as the Virginia Cyber Initiative, to reduce cyber risks and encourage economic development in the cybersecurity field.

VA H.B. 1082
Status: Enacted
Amends the Emergency Services and Disaster Law, defines cyber incident for purposes of the Law as an event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, and physical or virtual infrastructure controlled by computers or information systems., makes technical corrections.

VA H.B. 1334
Status: Enacted
Establishes standards for insurance data security, for the investigation of a cybersecurity event, and for the notification to the Commissioner of Insurance and affected consumers of a cybersecurity event, requires insurers to develop, implement, and maintain a comprehensive written information security program based on an assessment of its risk that contains administrative, technical, and physical safeguards.

VA HJR 23
Status: Failed
Relates to study, relates to Department of Elections, relates to use of blockchain technology to protect voter records and election results, relates to report, requests the Department of Elections to conduct a study to determine the kinds of blockchain technology that could be used to secure voter records and election results, determine the costs and benefits of using such technology as compared to traditional registration and election security measures, and make recommendations.

VA HJR 64
Status: Adopted
Requests the Information Technologies Agency to study the Commonwealth's susceptibility, preparedness, and ability to respond to ransomware attacks, provides that in conducting its study, the Agency shall assess the Commonwealth's susceptibility to ransomware attacks at the state and local levels of government.

VA S.B. 378
Status: Enacted
Relates to computer trespass, relates to penalty, expands the crime of computer trespass to provide that the prohibited actions that constitute computer trespass are criminalized if done through intentionally deceptive means and without authority, specifies that a computer hardware or software provider, an interactive computer service, or a telecommunications or cable operator does not have to provide notice of its activities to a computer user that a reasonable computer user should expect may occur.

VA S.B. 641
Status: Failed - adjourned
Relates to civil action, relates to sale of personal data, requires a person that disseminates, obtains, maintains, or collects personal data about a consumer for a fee to implement security practices to protect the confidentiality of a consumer's personal data, obtain express consent of a parent of a minor before selling the personal data of such minor, provide access to consumers to their own personal data that is held by the entity, and refrain from maintaining or selling data.

VA S.B. 1003
Status: Enacted
Relates to computer crimes, provides that any person, who, without the intent to receive any direct or indirect benefit, maliciously sends an electronically transmitted communication containing a false representation intended to cause another person to spend money, and such false representation causes such person to spend money, is guilty of a Class 1 misdemeanor.

Vermont

VT H.B. 274
Status: Pending--carryover
Relates to consumer protection and collection of consumer information.

VT H.B. 304
Status: Pending--carryover
Relates to creating the crime of extortion by introducing ransomware.

VT H.B. 431
Status: Enacted
Relates to miscellaneous energy subjects. Provides that records relating to a regulated utility's cybersecurity program, assessments, and plans, including all reports, summaries, compilations, analyses, notes, or other cybersecurity information are not public records.

VT H.B. 439
Status: Enacted
Makes appropriations in support of government for the fiscal year. Provides that the Secretary shall prepare and submit a strategic plan for information technology and cybersecurity, concurrent with the Governor's annual budget request required under 32 V.S.A. Section 306. Provides funding to the Agency of Digital Services cybersecurity - core infrastructure replacement and router replacements for public safety connections to the municipalities.

Washington

WA H.B. 1068
Status: Enacted
Exempts election security information from public records disclosure.

WA H.B. 1190
Status: Pending - carryover
Fosters economic growth in Washington by supporting emerging businesses in the new space economy.

WA S.B. 5092
Status: Enacted
Makes 2021-2023 fiscal biennium operating appropriations.

WA S.B. 5432
Status: Enacted
Concerns cybersecurity and data sharing in Washington state government.

Wisconsin

WI A.B. 147
Status: Pending
Imposes requirements related to insurance data cybersecurity, grants rule making authority.

WI S.B. 160
Status: Pending
Imposes requirements related to insurance data cybersecurity, grants rule making authority.

West Virginia

WV H.B. 2763
Status: Enacted
Creates cyber incident reporting.

Wyoming

WY S.B. 132
Status: Failed
Relates to the legislature, requires the joint corporations, elections and political subdivisions interim committee to study emergency preparedness and energy distribution in the event of a disruption of federal government operations, requires a report, provides for an effective date.

Puerto Rico

PR S.B. 118
Status: Pending
Amends Law 20 of 2017, the Law of the Department of Security, in order to add functions and powers to the Office of Security Information Management, which are essential to really achieve the implementation of the system interoperability of communications and that it has a proper and accurate operation.

Powered by LexisNexis State NetLexisNexis Terms and Conditions

Additional Resources