Cybersecurity Legislation 2021

4/2/2021

cybersecurity

Overview

The COVID-19 pandemic caused disruption and major shifts in the way government and businesses operated in the past year. Cybersecurity risks increased due to the sudden move to a remote workforce that often had fewer and less robust security measures in place. Cybercriminals found ways to take advantage of these conditions and of people's fears related to the coronavirus.

Recent unprecedented cyberattacks, such as the Solarwinds incident, which breached many company and federal and state government systems, also have kept cybersecurity a priority for many state lawmakers. 

2021 Introductions

At least 42 states and Puerto Rico introduced or considered more than 300 bills or resolutions that deal significantly with cybersecurity. Some of the areas seeing the most legislative activity include measures:

  • Requiring government agencies to implement training or specific types of security policies and practices and improving incidence response and preparedness.
  • Regulating cybersecurity within the insurance industry or addressing cybersecurity insurance.
  • Creating task forces, councils or commissions to study or advise on cybersecurity issues.
  • Supporting programs or incentives for cybersecurity training and education.

State appropriations for cybersecurity are listed here only if they are significant or focused on specific statewide mandates or state projects to be funded. Other related security issues include election security (see NCSL's Elections database) and cybersecurity threats to the energy infrastructure and other critical infrastructure (see NCSL's Energy Program resources). Other NCSL resources address related topics such as security breach laws and legislation, privacy and other issues. 

 

2021 Cybersecurity Legislation

Alaska

AK H.B. 3
Status: Pending
Relates to the definition of disaster.

Alabama

AL S.B. 165
Status: Pending
Public records, Alabama Public Records Act created, method of request for public records and manner of appeal, established, Office of Public Access Counselor, established, Sections 36-12-40, 36-12-41 repealed.

Arizona

AZ S.B. 1159
Status: Pending
Relates to technical correction, relates to electromagnetic pulse preparedness.

California

CA A.B. 327
Status: Pending
Add the California Privacy Protection Agency as one of the organizations whose representatives comprise the California Cybersecurity Integration Center. Declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020.

CA A.B. 581
Status: Pending
Requires all state agencies, as generally defined, to review and implement specified National Institute of Standards and Technology (NIST) guidelines for, among other things, reporting, coordinating, publishing, and receiving information about a security vulnerability relating to information systems and the resolution thereof, no later than July 1, 2022.

CA A.B. 809
Status: Pending
Requires state agencies not covered by the policies and procedures issued by the Office of Information Security within the Department of Technology to adopt and implement information security and privacy policies, standards, and procedures based upon standards issued by the National Institute of Standards and Technology and the Federal Information Processing Standards.

CA A.B. 953
Status: Pending
Requires the Department of Fish and Wildlife to separately track and account for all revenues collected under the above filing fee provision and all costs incurred in its role as a responsible agency or trustee agency under the California Environmental Quality Act.

CA A.B. 1352
Status: Pending
Authorizes the Military Department, at the request of a local educational agency, to perform an independent security assessment of the local educational agency, or an individual schoolsite under its jurisdiction, the cost of which to be funded by the local educational agency, as specified.

CA S.B. 468
Status: Pending
Includes an electromagnetic pulse attack among those conditions constituting a state of emergency or local emergency.

Colorado

CO H.B. 1236
Status: Pending
Concerns the modification of certain statutory provisions to reflect the current state information technology environment. Provides that the Colorado cybersecurity council may develop a whole-of-state cybersecurity approach for the state and for local governments, including the coordination and setting of strategic statewide cybersecurity goals, roadmaps, and best practices. The council also may review the need to conduct risk assessments of local government systems and providing additional cybersecurity services to local governments.

Connecticut

CT H.B. 5868
Status: Pending
Requires an online listing of all cyberattacks or data breaches in the state, establishes a central location that lists all cyberattacks or data breaches in the state.

CT H.B. 6161
Status: Failed
Creates a tax safe harbor for business entities adopting a recognizable best practice cybersecurity plan.

CT H.B. 6607
Status: Pending
Incentivizes the adoption of cybersecurity standards for businesses by allowing businesses that adopt certain cybersecurity framework to plead an affirmative defense to any cause of action that alleges that a failure to implement reasonable cybersecurity controls resulted in a data breach concerning personal or restricted information.

CT S.B. 4
Status: Failed
Requires the Public Utilities Regulatory Authority to apply net neutrality principles to broadband Internet access service providers and enforce such principles with civil penalties, directs the authority to conduct studies on cybersecurity and data privacy laws in the state, extends the crime of stalking in the second degree to certain electronic disclosures of personal identifiable information without consent.

CT S.B. 719
Status: Failed
Establishes a task force to study and develop recommendations concerning protection from, and prevention of, cyber attacks.

CT S.B. 720
Status: Failed
Concerns data privacy, net neutrality, cyber security and fairness in data usage in the new age of a digital workforce, protects the economy and online learning from data breaches and limits on broadband usage.

Florida

FL H.B. 1297
Status: Pending
Relates to cybersecurity, requires audit plans of inspector general to include certain information, revises provisions to replace references to it and computer security with references to cybersecurity, provides and revises requirements for Department of Management Services, acting through State Digital Service, creates State Cybersecurity Advisory Council within Department of Management Services, provides purpose of council.

FL S.B. 1900
Status: Pending
Relates to cybersecurity, requires certain audit plans of an inspector general to include certain information, revises provisions to replace references to information technology security and computer security with references to cybersecurity, provides that certain employees shall be assigned to selected exempt service, creates the Florida Cybersecurity Advisory Council within the Department of Management Services.

Georgia

GA H.B. 134
Status: To Governor
Relates to open and public meetings, so as to exclude meetings relating to cybersecurity contracting and planning from open meeting requirements, relates to inspection of public records, so as to provide an exemption for certain documents relating to cybersecurity plans and systems, provides for related matters, provides for an effective date, repeals conflicting laws.

GA H.B. 156
Status: Enacted
Relates to military, emergency management, and veterans affairs, so as to provide for additional powers and duties related to homeland security and the military, facilitates the sharing of information and reporting of cyber attacks, requires governmental agencies and utilities to report any cyber attacks to the director of emergency management and homeland security, provides for certain reports and records related to cyber attacks to be exempt from public disclosure, relates to workforce development.

GA H.B. 159
Status: Pending
Relates to military, emergency management, and veterans affairs, so as to establish the State Cybersecurity Review Board, provides for membership and duties of the board, provides for definitions, requires the board, in conjunction with the Georgia Technology Authority, to establish cybersecurity training for employees of all state agencies, provides for adverse employment action if such training is not completed.

GA H.B. 260
Status: Pending
Relates to selling and other trade practices, so as to provide for legislative findings, provides standards for cybersecurity programs to protect businesses from liability, provides for affirmative defenses for data breaches of private information, provides for related matters, provides for an effective date, repeals conflicting laws.

GA S.B. 52
Status: Pending
Relates to selling and other trade practices, so as to provide for legislative findings, provides standards for cybersecurity programs to protect businesses from liability, provides for affirmative defenses for data breaches of private information, provides for related matters, provides for an effective date, repeals conflicting laws.

Hawaii

HI H.B. 454
Status: Pending
Establishes an income tax credit for investment in qualified businesses that develop cybersecurity and artificial intelligence.

HI H.B. 739
Status: Pending
Requires manufacturers of connected devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices.

HI H.B. 946
Status: Pending
(Governor Bill Package) Adopts the national conference of insurance commissioners' insurance data security model law to establish insurance data security standards for state insurance licensees.

HI H.B. 957
Status: Pending
(Governor Bill Package) Establishes the Hawaii state fusion center as a program under the office of homeland security as described in chapter 128a, Hawaii Revised Statutes, establishes the position of Hawaii state fusion center director.

HI S.B. 1002
Status: Pending
Requires manufacturers of connected devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices.

HI S.B. 1100
Status: Pending
(Governor Bill Package) Enacts the National Association of Insurance Commissioners' Insurance Data Security Model Law to establish insurance data security standards for Hawaii insurance licensees.

HI S.B. 1111
Status: Pending
(Governor Bill Package) Establishes the state fusion center as a program under the Office of Homeland Security, establishes the position of state state fusion center director who shall be state funded responsible to the Director of Homeland Security and accountable to manage the operations of the center.

Iowa

IA D 1335
Status: Pending
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the commissioner of insurance, makes penalties applicable, includes effective date provisions.

IA H.B. 719
Status: Pending
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.

IA HSB 198
Status: Pending
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.

IA S.B. 553
Status: Pending
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.

IA SSB 1190
Status: Pending
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.

Idaho

ID H.B. 147
Status: Failed
Enacts the Insurance Data Security Act, establishes provisions regarding an information security program, provides for investigation and notice of a cybersecurity event, provides that the director of the department of insurance will have the power to examine and investigate certain matters, provides for confidentiality and sharing of documents, materials, and other information, provides exceptions, provides that the chapter does not create a private cause of action, provides for penalties.

Illinois

IL H.B. 1588
Status: Pending
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.

IL H.B. 2869
Status: Pending
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act.

IL H.B. 3030
Status: Pending
Creates the Cybersecurity Compliance Act, creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, prescribes requirements for the cybersecurity program.

IL H.B. 3040
Status: Pending
Creates the Insurance Data Security Act, requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance Laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures.

IL H.B. 3204
Status: Pending
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.

IL H.B. 3523
Status: Pending
Amends the Emergency Management Agency Act, expands the definition of disaster to include a cyber attack.

IL S.B. 350
Status: Pending
Amends the Freedom of Information Act, exempts from disclosure risk and vulnerability assessments, security measures, schedules, certifications, and response policies or plans that are designed to detect, defend against, prevent, or respond to potential cyber attacks upon the state's or an election authority's network systems, or records that the disclosure of which would, in any way, constitute a risk to the proper administration of elections or voter registration.

IL S.B. 2506
Status: Pending
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act.

Indiana

IN H.B. 1169
Status: Pending
Relates to cybersecurity incidents, requires the office of technology to maintain a repository of cybersecurity incidents, provides that a state agency and a political subdivision shall report any cybersecurity incident to the office without unreasonable delay and not later than two business days after discovery of the cybersecurity incident in a format prescribed by the chief information officer, allows the office of technology to assist a state agency with certain issues concerning information technology.

Kansas

KS H.B. 2292
Status: Pending
Creates exemptions in the Open Records Act for cyber security assessments, plans and vulnerabilities.

KS S.B. 250
Status: Pending
Amends the state Cybersecurity Act, requires security training for all state agencies, provides for certain information to be provided to the Joint Committee on Information Technology.

Louisiana

LA H.B. 128
Status: Pending
Provides relative to the powers and duties of the Cash Management Review Board with respect to financial security and cybersecurity plans and procedures adopted by state agencies, including the assessment and deployment of such plans and procedures.

Massachusetts

MA HD 573
Status: Pending
Ensures cyber security in the Commonwealth.

MA HD 582
Status: Pending
Relates to cybersecurity standards in government procurements.

MA HD 2720
Status: Pending
Relates to cyber procurement insurance.

MA SD 399
Status: Pending
Establishes a Cybersecurity Control and Review Commission.

MA SD 2327
Status: Pending
Relates to cyber crime prevention in schools.

Maryland

MD H.B. 38
Status: Pending
Relates to the Department of Information Technology.

MD H.B. 148
Status: Pending
Relates to the Personal Information Protection Act.

MD H.B. 425
Status: Pending
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility or a public school, prohibits a person from knowingly possessing certain ransomware with the intent to use the ransomware for purposes of introduction into a computer, network or system of another person, alters and establishes certain penalties, authorizes a victim of a certain offense to bring a civil action for damages against a certain person.

MD H.B. 587
Status: Pending
Requires each unit of State government to submit a certain report related to information technology and cybersecurity to the Department of Information Technology on or before a certain date each year, establishes the required contents of certain reports, requires the Department to compile and analyze certain information and report to each unit of State government and the General Assembly certain information and recommendations by a certain date of each year.

MD H.B. 717
Status: Pending
Provides for the target per pupil foundation amount in fiscal year 2022, requires each county board of education to use not less than 7% of the target per pupil foundation amount to provide certain technology resources to students, authorizes a local school system, at the end of each fiscal year, to hold unused funds in a special fund to be used in a subsequent fiscal year, requires a county board that allocates certain funding to follow certain information technology security standards.

MD H.B. 824
Status: Pending
Requires the State Department of Education, the Behavioral Health Administration within the Maryland Department of Health, the Maryland Center for School Safety, and the Department of Information Technology jointly to develop and publish a cyber safety guide and training course on safe Internet, social media, and technology usage for certain students, parents, and school employees to be implemented beginning in the 2022-2023 school year, requires the guide to be posted on certain websites.

MD H.B. 879
Status: Pending
Establishes the Cybersecurity Coordination and Operations Office within the Maryland Emergency Management Agency to help improve statewide cybersecurity readiness and response, requires the Director of MEMA to appoint an Executive Director as head of the Office, requires the Office to be provided with sufficient staff to perform the Office's functions.

MD H.B. 1129
Status: Pending
Requires the Department of Information Technology, in coordination with the Maryland Cybersecurity Council, to develop criteria for the certification of certain cybersecurity training programs for use by State and local government employees required to complete cybersecurity training each year, certify at least 20 programs, review and update certain certification standards at certain times, and maintain a list of all certified programs on its website.

MD H.B. 1306
Status: Pending
Alters the duties of the Maryland Cybersecurity Council to include monitoring and evaluating certain election security measures and high-speed Internet access in the State, requires the Council to make recommendations concerning any legislative changes considered necessary by the Council to address election security and high-speed Internet access.

MD S.B. 49
Status: Pending
Relates to cybersecurity.

MD S.B. 69
Status: Pending
Relates to the emergency management agency.

MD S.B. 112
Status: Pending
Relates to the Personal Information Protection Act.

MD S.B. 160
Status: Pending
Relates to the Cybersecurity Investment Incentive Tax Credit Program.

MD S.B. 231
Status: Pending
Relates to cyber safety guide and training course.

MD S.B. 348
Status: Failed
Relates to information technology.

MD S.B. 351
Status: Pending
Relates to protection of information.

MD S.B. 623
Status: Pending
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility or a public school, prohibits a person from knowingly possessing certain ransomware with the intent to use the ransomware to restrict access by authorized persons and demanding payment to remove the ransomware, authorizes a victim of a certain offense to bring a civil action for damages against a certain person.

MD S.B. 734
Status: Pending
Requires the Department of Information Technology to issue certain standards and guidelines for units of State government for the appropriate use and management of certain Internet of Things devices under certain circumstances, requires the Department to review and revise its standards and guidelines at least once every 5 years to ensure that they are at least as comprehensive as the standards and guidelines adopted by the Director of NIST.

MD S.B. 770
Status: Pending
Provides for the target per pupil foundation amount in fiscal year 2022, requires each county board of education to use not less than 7% of the target per pupil foundation amount to provide certain technology resources to students, authorizes a local school system, at the end of each fiscal year, to hold unused funds in a special fund to be used in a subsequent fiscal year, requires a county board that allocates certain funding to follow certain information technology security standards.

MD S.B. 873
Status: Pending
Requires the Department of Information Technology, in coordination with the Maryland Cybersecurity Council, to develop criteria for the certification of certain cybersecurity training programs for use by State and local government employees required to complete cybersecurity training each year, certify at least 20 programs, review and update certain certification standards at certain times, and maintain a list of all certified programs on its website.

MD S.B. 902
Status: Pending
Establishes the Cyber Workforce Program in the Partnership for Workforce Quality Program, provides for the purpose of the Cyber Program, requires the Secretary of Commerce to direct the Cyber Program, requires the Secretary to establish certain criteria and priorities for assistance under the Cyber Program, requires the Secretary to submit a certain report on the operation and performance of the Cyber Program.

MD S.B. 917
Status: Pending
Requires each unit of State government and certain local agencies to submit a certain report related to information technology and cybersecurity to the Department of Information Technology on or before September 1 each year, establishes the required contents of certain reports, requires the Department to compile and analyze certain information and report to each unit of State government and the General Assembly certain information and recommendations by December 31 each year.

Maine

ME H.B. 17
Status: Enacted
Enacts the Maine Insurance Data Security Act, establishes standards for information security programs based on ongoing risk assessment for protecting consumers' personal information, establishes requirements for the investigation of and notification to the Superintendent of Insurance regarding cybersecurity events.

ME H.B. 672
Status: Pending
(Concept Draft) Protects data privacy and security in elections, proposes to protect data privacy and security in elections.

ME LR 114
Status: Pending
Enacts the Maine Insurance Data Security Act.

ME LR 1607
Status: Pending
Protects data privacy and security in elections.

ME  3
Establishes the state of Maine Cybersecurity Advisory Council.

Minnesota

MN H.B. 66
Status: Pending
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments.

MN H.B. 1913
Status: Pending
Relates to insurance, establishes an Insurance Data Security Law.

MN S.B. 1174
Status: Pending
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments, proposes coding for new law.

MN S.B. 1606
Status: Pending
Relates to insurance, establishes an Insurance Data Security Law.

Missouri

MO H.B. 1204
Status: Pending
Establishes the Missouri Cybersecurity Commission.

Mississippi

MS H.B. 633
Status: Enacted
Creates the Mississippi Computer Science and Cyber Education Equality Act, authorizes and directs the Mississippi Department of Education to implement a mandatory k 12 computer science curriculum based on the Mississippi College and Career Readiness Standards for computer science, which includes instruction in, but not limited to, computational thinking, cyber related, programming, cyber security, data science, robotics and other computer science and cyber related content.

MS S.B. 2678
Status: Failed
Creates the Mississippi Computer Science and Cyber Education Equality Act, authorizes and directs the Mississippi Department of Education to implement a mandatory K 12 computer science curriculum based on the state college and career readiness standards for computer science which includes instruction in, but not limited to, computational thinking, computer programming, cyber security, data science, robotics and other computer science and cyber related content.

MS  1
Creates a Task Force on State Cybersecurity, directs the Task Force to develop recommendations and proposals to identify vulnerabilities of systems, staffing, training and technologies with state agencies.

Montana

MT H.B. 614
Status: Pending
Revises the workforce development provisions of the Health and Economic Livelihood Partnership act, establishes allowable uses of workforce development funding, requires contracting for training and education programs, extends rulemaking authority.

MT  13
Continues the Montana Information Security Advisory Council.

Nevada

NV BDR 63
Status: Pending
Revises provisions relating to cyber security.

New Hampshire

NH H.B. 137
Status: Pending
Exempts certain statewide standards and protocols relative to information technology, networks, telephony, and cyber security developed by the department of information technology from a specified rulemaking.

NH H.B. 425
Status: Pending
Establishes certain technical committees and a cybersecurity advisory committee in the Department of Information Technology.

NH H.B. 487
Status: Pending
Establishes an information technology supply chain risk authority.

NH LSR 546
Status: Pending
Establishes the position of chief information security officer and deputy chief information security officer in the department of information technology.

NH LSR 643
Status: Failed
Relates to cyber security incident reporting and recommended cyber security standards for political subdivisions.

New Jersey

NJ A.B. 442
Status: Pending
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.

NJ A.B. 1378
Status: Pending
Directs New Jersey Cyber security and Communications Integration Cell to develop cyber security prevention best practices and awareness materials for consumers in this state.

NJ A.B. 1396
Status: Pending
Concerns information security standards and guidelines for state and local government.

NJ A.B. 1654
Status: Pending
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.

NJ A.B. 2083
Status: Pending
Establishes the crime of cyber interference, defined as tampering or interfering with any software, computer, cell phone, or any other electronic device, with the purpose to harass another.

NJ A.B. 2852
Status: Pending
Directs state Cybersecurity and Communications Integration Cell, Office of Information Technology, and state Big Data Alliance to develop advanced cyberinfrastucture strategic plan.

NJ A.B. 3308
Status: Pending
Clarifies the crime of unlawful access concerning certain password protected communications in electronic storage.

NJ A.B. 3684
Status: Pending
Requires state employees to receive best cybersecurity practices.

NJ A.B. 3834
Status: Pending
Concerns debarment of contractors for conviction of certain computer-related crimes.

NJ A.B. 3984
Status: Pending
Creates affirmative defense for certain breaches of security.

NJ A.B. 4825
Status: Pending
Revises cybersecurity, asset management, and related reporting requirements in Water Quality Accountability Act.

NJ AJR 40
Status: Pending
Urges Secretary of State to assure Legislature and public that State's electoral system is protected from foreign computer hackers.

NJ AJR 66
Status: Pending
Establishes Technology Task Force.

NJ AJR 153
Status: Pending
Designates October of each year as Cyber Security Awareness Month.

NJ S.B. 343
Status: Pending
Directs the state Cybersecurity and Communications Integration Cell, Office of Information Technology, and the state Big Data Alliance to develop an advanced cyberinfrastucture strategic plan.

NJ S.B. 647
Status: Pending
Revises cybersecurity, asset management, and related reporting requirements in Water Quality Accountability Act.

NJ S.B. 1233
Status: Pending
Requires certain persons and business entities to maintain comprehensive information security program.

NJ S.B. 1619
Status: Pending
Clarifies crime of unlawful access concerning certain password protected communications in electronic storage.

NJ S.B. 2155
Status: Pending
Requires Economic Development Authority to establish program offering low interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure.

NJ S.B. 3062
Status: Pending
Creates affirmative defense for certain breaches of security.

New Mexico

NM H.B. 70
Status: Failed -
Relates to domestic terrorism, defines "denial of service attack", defines "school", "community center", "place of worship" and "public accommodation", creates the crimes of terrorism, cyberterrorism, possessing a terroristic weapon and making a terroristic threat, provides penalties, provides for concurrent jurisdiction of crimes under the antiterrorism act, requires information sharing and reporting.

New York

NY A.B. 749
Status: Pending
Authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self-certified and approved by the superintendent.

NY A.B. 3900
Status: Pending
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state.

NY A.B. 4490
Status: Pending
Enacts the "computer spyware protection act", prohibits the installation, transmission and use of computer software that collects personally identifiable information, authorizes the Attorney General to bring a civil action against any person who violates any provision of this section, seeks damages ranging from one thousand dollars to one million dollars.

NY A.B. 4567
Status: Pending
Establishes the School District Cyber Crime Prevention Services Program to provide school districts with information on strategies, best practices and programs offering training and assistance in the prevention of cyber crimes in school districts or otherwise affecting school districts, provides further that information on eligibility and applications for financial assistance be made available to school districts.

NY A.B. 4581
Status: Pending
Establishes the misdemeanor of interfering in the election process by electronic means.

NY A.B. 4640
Status: Pending
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.

NY A.B. 4892
Status: Pending
Creates the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony.

NY S.B. 118
Status: Pending
Establishes the misdemeanor of interfering in the election process by electronic means.

NY S.B. 348
Status: Pending
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.

NY S.B. 349
Status: Pending
Establishes the school district cyber crime prevention services program.

NY S.B. 2087
Status: Pending
Amends the Tax Law, relates to a business tax credit for purchase of data breach insurance.

NY S.B. 2652
Status: Pending
Amends the State Technology Law, requires governmental entities to implement multifactor authentication for local and remote network access.

NY S.B. 3213
Status: Pending
Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology Cybersecurity Framework.

NY S.B. 5410
Status: Pending
Elevates all computer tampering offenses by one degree in severity.

North Dakota

ND D 198
Status: Pending
Relates to cybersecurity incident reporting requirements.

ND H.B. 1064
Status: Failed
Relates to the powers and duties of the information technology department.

ND H.B. 1314
Status: Enacted
Relates to cybersecurity incident reporting requirements.

ND H.B. 1417
Status: Enacted
Relates to the Powers and duties of the information technology department.

ND S.B. 2075
Status: Enacted
Relates to third party software access to insurance policy information.

Ohio

OH H.B. 116
Status: Pending
Enacts the Computer Crimes Act.

Oklahoma

OK H.B. 1759
Status: Pending
Relates to crimes and punishments, relates to the Oklahoma Computer Crimes Act, modifies definition, defines term, expands scope of certain prohibited acts, makes certain acts unlawful, provides construing provision, provides an effective date.

Oregon

OR S.B. 293
Status: Pending
Directs office of State Chief Information Officer to develop recommendations related to elevating consideration of privacy, confidentiality and data security measures in state government enterprise and shared information technology services, and to submit recommendations in report to certain interim committees of Legislative Assembly by specified date.

Pennsylvania

PA H.B. 2567 (2019)
Status: Failed -
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee, imposes duties on the Office of Information Technology, provides for administration of the Statewide Radio Network and imposes penalties.

PA H.B. 40
Status: Pending
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the joint cybersecurity oversight committee, imposes duties on the office of information technology, provides for administration of statewide radio network, imposes penalties.

PA S.B. 482
Status: Pending
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee, imposes duties on the Office of Information Technology, provides for administration of Statewide Radio Network, imposes penalties.

Rhode Island

RI H.B. 5200
Status: Pending
Adopts the National Association of Insurance Commissioners Cybersecurity Act which establishes the current cybersecurity standard for insurers doing business in this state.

RI H.B. 6042
Status: Pending
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.

RI S.B. 340
Status: Pending
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features.

Tennessee

TN H.B. 925
Status: Pending
Requires the state-level safety team to include cybersecurity policies and procedures in the template safety plan that Local Education Agencies must adopt as part of their comprehensive district-wide and building-level school safety plans.

TN S.B. 1211
Status: Pending
Clarifies that wireless communication includes text messages sent and received on smart devices for purposes of the Anti-Phishing Act.

TN S.B. 1425
Status: Pending
Requires the state-level safety team to include cybersecurity policies and procedures in the template safety plan that Local Education Agencies must adopt as part of their comprehensive district-wide and building-level school safety plans.

Texas

TX H.B. 1118
Status: Pending
Relates to state agency and local government compliance with cybersecurity training requirements.

TX H.B. 1180
Status: Pending
Relates to the creation of the Fiscal Risk Management Commission.

TX H.B. 2065
Status: Pending
Relates to the composition of the cybersecurity council.

TX H.B. 2066
Status: Pending
Relates to emergency management for cybersecurity events threatening this state.

TX H.B. 2160
Status: Pending
Relates to requiring the Department of Information Resources to conduct a study concerning the cybersecurity of small businesses.

TX H.B. 3390
Status: Pending
Relates to the purchase of cybersecurity insurance coverage by the State Department of Transportation.

TX H.B. 3743
Status: Pending
Relates to cybersecurity and privacy regarding distance learning in public schools and prohibiting ransomware payments by certain governmental entities.

TX H.B. 3791
Status: Pending
Relates to the Powers and duties of the State Electric Grid Security and Emergency Preparedness Advisory Council.

TX H.B. 3792
Status: Pending
Relates to protecting the population of the state, its environment, and its most vulnerable communities, promoting the resilience of the electric grid and certain municipalities.

TX H.B. 3892
Status: Pending
Relates to matters concerning governmental entities, including cybersecurity, governmental efficiencies, information resources, and emergency planning.

TX H.B. 4196
Status: Pending
Relates to the development by the Public Utility Commission of the state of physical security and cybersecurity practices for certain utilities.

TX H.B. 4256
Status: Pending
Relates to the duties and oversight of the Department of Public Safety's office of inspector general regarding the use of cyber technology and activity.

TX H.B. 4395
Status: Pending
Relates to state and local governments requirements to report security incidents to the Department of Information Resources.

TX H.B. 4397
Status: Pending
Relates to a cybersecurity monitor for certain electric utilities.

TX S.B. 345
Status: Pending
Relates to state agency and local government compliance with cybersecurity training requirements.

TX S.B. 475
Status: Pending
Relates to state agency and local government information security, including establishment of the state risk and authorization management program and the State volunteer incident response team, authorizes fees.

TX S.B. 851
Status: Pending
Relates to the composition of the cybersecurity council.

TX S.B. 1606
Status: Pending
Relates to protecting the population of the state, its environment, and its most vulnerable communities, promoting the resilience of the electric grid and certain municipalities.

TX S.B. 1696
Status: Pending
Relates to establishing a system for the sharing of information regarding cyber attacks or other cybersecurity incidents occurring in schools in this state.

TX S.B. 1908
Status: Pending
Relates to the purchase of cybersecurity insurance coverage by the State Department of Transportation.

TX S.B. 2134
Status: Pending
Relates to certain standardization in cybersecurity degree programs offered by public institutions of higher education.

TX S.B. 2135
Status: Pending
Relates to pathways to assist students in transitioning from high school to postsecondary education in cybersecurity.

Utah

UT H.B. 80
Status: Enacted
Creates affirmative defenses to certain causes of action arising out of a breach of system security.

Virginia

VA H.B. 30
Status: Enacted
Relates to the Budget Bill, provides for all appropriations of the Budget submitted by the Governor, provides a portion of revenues for upcoming biennium.

VA H.B. 322
Status: Failed -
Relates to Virginia Information Technologies Agency, relates to Cybersecurity Advisory Council created, relates to report, creates the Cybersecurity Advisory Council to assist the Chief Information Officer (CIO) of the Virginia Information Technologies Agency with the development of policies, standards, and guidelines for assessing security risks, determining appropriate security measures, and performing security audits of government electronic information, provides that make recommendations to the CIO.

VA H.B. 524
Status: Failed
Relates to the register of volunteer cybersecurity and information technology professionals, directs the Secretary of Administration to establish a register of cybersecurity and information technology professionals interested in volunteering to assist localities and school divisions, in collaborating on workforce development, and in providing mentorship opportunities.

VA H.B. 852
Status: Enacted
Relates to the Information Technologies Agency, requires the Chief Information Officer of the Information Technologies Agency to develop and annually update a curriculum and materials for training all state employees in information security awareness and in proper procedures for detecting, assessing, reporting, and addressing information security threats.

VA H.B. 957
Status: Failed
Relates to Virginia Cyber Initiative Act, directs the Virginia Information Technologies Agency to work with public and private institutions of higher education, state agencies, and businesses in the Commonwealth to develop a cyber alliance, to be known as the Virginia Cyber Initiative, to reduce cyber risks and encourage economic development in the cybersecurity field.

VA H.B. 1082
Status: Enacted
Amends the Emergency Services and Disaster Law, defines cyber incident for purposes of the Law as an event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, and physical or virtual infrastructure controlled by computers or information systems., makes technical corrections.

VA H.B. 1334
Status: Enacted
Establishes standards for insurance data security, for the investigation of a cybersecurity event, and for the notification to the Commissioner of Insurance and affected consumers of a cybersecurity event, requires insurers to develop, implement, and maintain a comprehensive written information security program based on an assessment of its risk that contains administrative, technical, and physical safeguards.

VA HJR 23
Status: Failed
Relates to study, relates to Department of Elections, relates to use of blockchain technology to protect voter records and election results, relates to report, requests the Department of Elections to conduct a study to determine the kinds of blockchain technology that could be used to secure voter records and election results, determine the costs and benefits of using such technology as compared to traditional registration and election security measures, and make recommendations.

VA HJR 64
Status: Adopted
Requests the Information Technologies Agency to study the Commonwealth's susceptibility, preparedness, and ability to respond to ransomware attacks, provides that in conducting its study, the Agency shall assess the Commonwealth's susceptibility to ransomware attacks at the state and local levels of government.

VA S.B. 378
Status: Enacted
Relates to computer trespass, relates to penalty, expands the crime of computer trespass to provide that the prohibited actions that constitute computer trespass are criminalized if done through intentionally deceptive means and without authority, specifies that a computer hardware or software provider, an interactive computer service, or a telecommunications or cable operator does not have to provide notice of its activities to a computer user that a reasonable computer user should expect may occur.

VA S.B. 641
Status: Failed -
Relates to civil action, relates to sale of personal data, requires a person that disseminates, obtains, maintains, or collects personal data about a consumer for a fee to implement security practices to protect the confidentiality of a consumer's personal data, obtain express consent of a parent of a minor before selling the personal data of such minor, provide access to consumers to their own personal data that is held by the entity, and refrain from maintaining or selling data.

VA S.B. 1003
Status: Enacted
Relates to computer crimes, provides that any person, who, without the intent to receive any direct or indirect benefit, maliciously sends an electronically transmitted communication containing a false representation intended to cause another person to spend money, and such false representation causes such person to spend money, is guilty of a Class 1 misdemeanor.

Vermont

VT H.B. 274
Status: Pending
Relates to consumer protection and collection of consumer information.

VT H.B. 304
Status: Pending
Relates to creating the crime of extortion by introducing ransomware.

Washington

WA H.B. 1068
Status: To Governor
Exempts election security information from public records disclosure.

WA H.B. 1190
Status: Pending
Fosters economic growth in Washington by supporting emerging businesses in the new space economy.

WA S.B. 5432
Status: Pending
Concerns cybersecurity and data sharing in Washington state government.

Wisconsin

WI A.B. 147
Status: Pending
Imposes requirements related to insurance data cybersecurity, grants rule making authority.

WI S.B. 160
Status: Pending
Imposes requirements related to insurance data cybersecurity, grants rule making authority.

West Virginia

WV H.B. 2763
Status: Pending
Creates cyber incident reporting.

Wyoming

WY S.B. 132
Status: Failed
Relates to the legislature, requires the joint corporations, elections and political subdivisions interim committee to study emergency preparedness and energy distribution in the event of a disruption of federal government operations, requires a report, provides for an effective date.

Puerto Rico

PR S.B. 118
Status: Pending
Amends Law 20 of 2017, the Law of the Department of Security, in order to add functions and powers to the Office of Security Information Management, which are essential to really achieve the implementation of the system interoperability of communications and that it has a proper and accurate operation.

Powered by LexisNexis State NetLexisNexis Terms and Conditions

Additional Resources