Alabama |
AL H 101 |
Failed-adjourned |
Relates to insurance; requires insurers and other entities licensed by the Department of Insurance to develop, implement, and maintain an information security program; provides for reporting to the Commissioner of Insurance, including the reporting of cybersecurity events; provides that information provided to the commissioner pursuant to this act would be confidential and privileged under certain conditions; provides for civil penalties under certain conditions. |
Alabama |
AL S 54 |
Enacted, Chap. 98 |
Relates to insurance; requires insurers and other entities licensed by the Department of Insurance to develop, implement, and maintain an information security program; provides for reporting to the Commissioner of Insurance, including the reporting of cybersecurity events; provides that information provided to the commissioner pursuant to this act would be confidential and privileged under certain conditions; provides for civil penalties under certain conditions. |
Alabama |
AL S 109 |
Failed |
Relates to elections; provides that tampering with, hacking, or otherwise manipulating an electronic voting machine or misusing a voting machine is a Class B felony; makes certain enumerated actions relating to voter fraud, whereby a voter takes an unlawful action when voting by absentee ballot, a Class A misdemeanor. |
Arkansas |
AR H 1128 |
Enacted, Act 149 |
Amends the law concerning the authority of the Governor to order the militia into service, authorizes the use of the militia to address cybersecurity threats and cybersecurity vulnerabilities. |
Arkansas |
AR H 1500 |
Enacted, Act 599 |
Provides for the security of the plans of emergency service agencies, prevents, investigates, or responds to incidents of terrorism and mass destruction, provides for the security of investigative files and documents, amends the Homeland Security Information Act. |
Arkansas |
AR S 632 |
Enacted, Act 1085 |
Enacts the Cyber Initiative Act, authorizes the Economic Development Commission to support a cyber alliance in order to reduce cyber risks and encourage economic development. |
Arizona |
AZ H 2177 |
Enacted, Chap. 45 |
Revises provisions relating to the Regulatory Sandbox Program, revises certain definitions, relates to temporary testing of an innovation without otherwise being licensed, revises provisions relating to the application process and requirements, provides for financial products and services, requires the employment of cybersecurity measures to avoid breaches. |
Arizona |
AZ H 2489 |
Failed - Adjourned |
Relates to election procedures oversight committee. |
Arizona |
AZ S 1470 |
Failed - Adjourned |
Relates to automatic voter registration, relates to database, relates to agencies. |
California |
CA A 74 |
Enacted, Chap. 23 |
Makes appropriations for the support of state government for the upcoming fiscal year, including appropriating funds to establish and operate the office of elections cybersecurity. Provides that activities performed by the office shall be designed so as to minimize overlap and in coordination with statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. |
California |
CA A 190 |
Pending |
Makes appropriations for the support of state government for the 2019-20 fiscal year, including appropriating funds to establish and operate the office of elections cybersecurity. Provides that activities performed by the office shall be designed so as to minimize overlap and in coordination with statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. |
California |
CA A 814 |
Enacted, Chap. 16 |
Clarifies that, for purposes of the prohibition against unlawfully accessing a computer system, a computer system includes devices or systems that are located within, connected to, or integrated with, a motor vehicle. |
California |
CA A 1043 |
Enacted, Chap. 46 |
Authorizes the expenditure of campaign funds to pay for, or reimburse the state for, the installation and monitoring of hardware, software, and services related to the cybersecurity of the electronic devices of a candidate, elected officer, or campaign worker. Requires a candidate or elected officer to report any expenditure of campaign funds for these purposes to the Fair Political Practices Commission in the candidate or officer's campaign statements. |
California |
CA A 1044 |
Enacted, Chap. 106 |
Authorizes the Secretary of State to require an applicant to take a training course regarding data security as a condition for the receipt of voter registration information if that course is made available to the applicant at no cost to the applicant. Clarifies that required reports by elections officers may include information about the identity of, and contact information for, the elections official who is responsible for conducting elections in the jurisdiction. |
California |
CA A 1242 |
Pending |
Requires each state agency to submit a summary of actual and project costs, information security costs, and to comply with the policies and procedures issued by the Office of Information Security. Defines state agency for these purposes to mean every state office, officer, department, division, bureau, board, and commission, except for the California State University. |
California |
CA A 1376 |
Pending |
Requires the Department of Veterans Affairs to collaborate with specified state agencies to establish a veterans' preference to be applied to employment opportunities within the field of cybersecurity that require a security clearance. |
California |
CA A 1469 |
Pending |
Requires the Bureau of Household Goods and Services, in consultation with stake holders, to conduct a review of its accepted trade standards for good and workmanlike repair to determine whether additional regulations need to be Adopted concerning privacy and security implications of connected devices. |
California |
CA A 1566 |
Pending |
Establishes the California Cyber Range Pilot Project, under the administration of the California Cybersecurity Institute, to test the overall feasibility of the pilot project through a yearlong, multiphased effort. Requires the pilot project to produce a scalable model for a permanent California Cyber Range Program. |
California |
CA S 73 |
Pending |
Makes appropriations for the support of state government for the upcoming fiscal year, including appropriating funds to establish and operate the office of elections cybersecurity. Provides that activities performed by the office shall be designed so as to minimize overlap and in coordination with statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. |
California |
CA S 239 |
Pending |
Requires the prosecution for a felony violation of crimes relating to computer services and systems, as specified, to be commenced within three years after discovery of the commission of the offense, or within three years after the completion of the offense, whichever date is later. |
California |
CA SR 54 |
Adopted |
Proclaims the month of October 2019, and every October thereafter, to be National Cybersecurity Awareness Month in the state. |
Connecticut |
CT H 5417 |
Failed - Adjourned |
Establishes a task force to study the use of blockchain technology to manage elector information. |
Connecticut |
CT H 5989 |
Failed |
Offers protection to certain business data holders in the event of a data breach. |
Connecticut |
CT H 7321 |
Failed - Adjourned |
Requires the Secretary of the State to appoint an individual to serve in the office of the Secretary of the State in a cyber security role, limits, in certain situations, the type of information provided when voter registration records are provided, requires that each voting tabulator has a certain number of memory cards programmed for use with such tabulator, provides for security analysis of such memory cards by the University of State. |
Connecticut |
CT H 7424 |
Enacted, Chap. 117 |
Concerns the state budget for the upcoming biennium, makes appropriations therefor, implements provisions of the budget. Enacts the "Insurance Data Security Law." |
Connecticut |
CT S 709 |
Failed - Adjourned |
Creates a division of cyber security within the Department of Emergency Services and Public Protection. |
Connecticut |
CT S 811 |
Failed - Adjourned |
Increases penalties for computer crimes against financial institutions and their customers. |
Connecticut |
CT S 903 |
Failed - Adjourned |
Revises the standards governing insurance data and information security, notices following cybersecurity events, and investigations of cybersecurity events. |
Delaware |
DE H 174 |
Enacted, Chap. 176 |
Enacts the Insurance Data Security Act. Establishes standards for data security for Title 18 licensees and standards for the investigation of and notification to the Commissioner of a cybersecurity event affecting Title 18 licensees. |
Delaware |
DE S 153 |
Enacted, Chap. 185 |
Relates to information technology ("IT") recommendations of the Government Efficiency and Accountability Review ("GEAR") Board established by Governor Carney's Executive Order Four; modernizes Chapter 90C of Title 29 of the Delaware Code and authorizes the establishment of a shared it services model for state agencies. Sets forth state information security requirements. |
Florida |
FL H 327 |
Enacted, Chap. 2019-37 |
Relates to public meetings, exempts from public meetings requirements certain exempt information concerning information technology systems held by specified utilities, provides for future legislative review and repeal of the exemption, provides a statement of public necessity. |
Florida |
FL H 735 |
Failed |
Relates to blockchain technology, establishes the Blockchain Working Group in the Department of Management Services, provides for membership and duties of the Working Group, requires the Working Group to submit a report to the Governor and the Legislature and make presentations, requires the Department to provide support staff and other assistance. |
Florida |
FL H 1393 |
Enacted, Chap. 140 |
Establishes a Florida Blockchain Task Force to study the ways in which state, county, and municipal governments can benefit from a transition to a blockchain-based system for recordkeeping, security, and service delivery. Provides that the Task Force will develop and submit recommendations concerning the potential for blockchain-based systems to promote government efficiencies, better services for citizens, economic development, and safer cyber-secure interaction between government and the public. |
Florida |
FL H 2249 |
Failed |
Relates to the appropriations project titled Volusia County Schools Cyber Security Program, provides an appropriation. |
Florida |
FL H 2383 |
Failed |
Relates to the Appropriations Project titled Saint Petersburg College - Public Safety and Cybersecurity, provides an appropriation. |
Florida |
FL H 3147 |
Failed |
Relates to the Appropriations Project titled University of West State Cybersecurity Support, provides an appropriation. |
Florida |
FL H 5001 |
Failed |
Makes appropriations, including funds to county supervisors of elections for cybersecurity initiatives. |
Florida |
FL H 5301 |
Enacted, Chap. 2019-118 |
Relates to information technology reorganization. Requires a state chief information security officer, who must have experience and expertise in security and risk management for communications and information technology resources, be designated..Creates the Florida Cybersecurity Task Force. |
Florida |
FL H 7047 |
Enacted, Chap. 2019-32 |
Relates to a review under the Open Government Sunset Review Act, provides a public records exemption for information received by the Department of Legal Affairs pursuant to a notification of a security breach or during the course of an investigation of such breach, removes the scheduled repeal of the exemption. |
Florida |
FL PCB 6047 |
Failed-adjourned |
Relates to a review under the Open Government Sunset Review Act; amending s. 501.171, F.S., which provides a public records exemption for information received by the Department of Legal Affairs pursuant to a notification of a security breach or during the course of an investigation of such breach; removing the scheduled repeal of the exemption. |
Florida |
FL PCB 6089 |
Failed - adjourned |
Relates to information technology reorganization, transfers all powers, duties, functions, records, offices, personnel, associated administrative support positions, property, Pending issues and existing contracts, administrative authority, certain administrative rules, trust funds and unexpended balances of appropriations, allocations, and other funds of the Agency for State Technology to the Department of Management Services by a type two transfer. |
Florida |
FL S 450 |
Failed |
Relates to public meetings, provides an exemption from public meeting requirements for portions of a meeting at which certain exempt records related to the security of the technology, processes, or practices of certain utilities and the security of existing or proposed information technology systems or industrial control systems of certain utilities are discussed or may otherwise be revealed, provides for future legislative review and repeal of the exemption. |
Florida |
FL S 1024 |
Enacted, Chap. 52 |
Establishes the State Blockchain Task Force to explore and develop a master plan for fostering the expansion of the blockchain industry in the state, to recommend policies and state investments to help make this state a leader in blockchain technology, and to issue a report, requires the study to include if and how state, county, and municipal governments can benefit from a transition to a blockchain based system for recordkeeping, data security, financial transactions, and service delivery. |
Florida |
FL S 1570 |
Failed |
Relates to information technology reorganization. |
Florida |
FL S 2500 |
Enacted, Chap. 115 |
Makes appropriations, including funds to county supervisors of elections for cybersecurity initiatives. |
Florida |
FL S 7008 |
Failed |
Relates to a review under the Open Government Sunset Review Act, which provides a public records exemption for information received by the Department of Legal Affairs pursuant to a notification of a security breach or during the course of an investigation of such breach, removes the scheduled repeal of the exemption. |
Florida |
FL SPB 7008 |
Failed-adjourned |
Provides a public records exemption for information received by the Department of Legal Affairs pursuant to a notification of a security breach or during the course of an investigation of such breach. |
Georgia |
GA H 30 |
Enacted, Chap. 3 |
Appropriates funds to the Georgia Cyber Innovation and Training Center to enhance cybersecurity technology for private and public industries through unique education, training, research, and practical applications. |
Georgia |
GA H 31 |
Enacted, Chap. 319 |
Appropriates funds for cybersecurity training and cybersedurity initiatives in schools. |
Georgia |
GA H 641 |
Pending - Carryover |
Relates to general provisions regarding the Georgia Bureau of Investigation, so as to grant the Georgia Bureau of Investigation Powers and duties to identify and investigate violations of Article 6 of Chapter 9 of Title 16 of the Official Code of Georgia Annotated, the Georgia Computer Systems Protection Act, and other computer crimes, provides for subpoena power by the bureau for such investigations, provides for related matters, repeals conflicting laws. |
Georgia |
GA S 21 |
Pending - Carryover |
Relates to competencies and core curriculum, requires each local board of education to prescribe mandatory instruction concerning cybersecurity in every year in every grade from kindergarten through grade 12, provides for a definition, requires the State Board of Education to prescribe a minimum course of study in cybersecurity, provides for duties of the State School Superintendent. |
Georgia |
GA SR 228 |
Adopted |
Recognizes 2019 as Cybersecurity Career Awareness Year in Georgia. |
Georgia |
GA E.O. 182 |
Reconstitutes the Government Systems Cybersecurity Review Board. All Executive Branch agencies shall ensure that employees complete at least one form of cybersecurity training within ninety (90) days of this Executive Order. An employee's failure to comply with this Order shall result in formal disciplinary action, up to and including termination. |
Hawaii |
HI H 1553 |
Pending--Carryover |
Establishes the Hawaii State Fusion Center to, among other things, Integrate information technology, cybersecurity, and cybercrime prevention, and cyber and analytic capabilities, and improve situational awareness related to critical infrastructure or key resources protection of lifelines. |
Iowa |
IA D 1175 |
Pending - Carryover |
Relates to Secretary of State, elections technical bill. |
Iowa |
IA H 39 |
Pending - Carryover |
Relates to student data collection by the Department of Education, school districts, and accredited nonpublic schools. |
Iowa |
IA H 692 |
Enacted |
Relates to the conduct of state and local elections, providing penalties, and including effective date elections provisions, provides for penalties for using voter registration information, including resale or redistribution of the voter registration list without written permission of the state registrar, for purposes other than those permitted. |
Iowa |
IA HSB 49 |
Pending - Carryover |
Relates to the administration of elections, provides penalties, includes effective date provisions. |
Iowa |
IA S 204 |
Pending - Carryover |
Provides for an affirmative defense to certain claims relating to personal information security breach protection. |
Iowa |
IA S 575 |
Pending - Carryover |
Relates to the conduct of state and local elections, provides penalties, includes effective date provisions. |
Iowa |
IA SSB 1078 |
Pending - Carryover |
Relates to the administration of elections. |
Iowa |
IA SSB 1241 |
Pending - Carryover |
Relates to the conduct of state and local elections, provides penalties. |
Illinois |
IL H 2829 |
Pending |
Creates the Financial Institution Cybersecurity Act, provides that persons and entities operating under the authority of the Secretary of Financial and Professional Regulation under the Banking Act, the Insurance Code, the Savings Bank Act, the Credit Union Act, the Corporate Fiduciary Act, and the Residential Mortgage License Act must maintain a cybersecurity program to protect the confidentiality of their information system. |
Illinois |
IL H 3017 |
Pending |
Creates the Veterans Cyber Academy Pilot Program Act, provides that the Department of Veterans' Affairs shall establish and implement a pilot program to provide veterans residing in the state with access to cyber security training, certification, apprenticeships, and additional resources to enter the cyber security field of work, provides that the pilot program shall run from January 1, 2021 to December 31, 2023, provides specified requirements to the department in implementing the pilot program. |
Illinois |
IL H 3391 |
Pending |
Creates the Security of Connected Devices Act, requires manufacturers of connected devices to equip the device with security features that are designed to protect the device and any information the device contains from unauthorized access, destruction, use, modification, or disclosure. |
Illinois |
IL HJR 1 |
Pending |
Extends the sunset date of the operation of the Cybersecurity Task Force, reconstitutes the focus and membership of the Task Force. |
Illinois |
IL HJR 2 |
Pending |
Creates the Return Illinois To Prosperity Commission to review and evaluate the creation of a State Bank, provides that the mission of a State Bank would include supporting economic development by increasing access to capital for agriculture, businesses, and industry and providing stability to the local financial sector. |
Illinois |
IL S 240 |
Pending |
Creates the Consumer Credit Reporting Agency Registration and Cybersecurity Program Act, provides for requirements for consumer credit reporting agency registration, contains provisions regarding grounds for revocation and suspension of a registration, provides that by a certain date, a consumer credit reporting agency must have a cybersecurity program documented in writing and designed to protect the confidentiality, integrity and availability of its information systems. |
Illinois |
IL S 1622 |
Pending |
Amends the Election Code, provides that no voting machine used or purchased by an election authority may be made, manufactured, or assembled outside the United States or constructed with parts made, manufactured, or assembled outside the United States, including, but not limited to, any hardware or software, provides that, in provisions concerning voting machines, precinct tabulation optical scan technology voting systems, and direct recording electronic voting systems,. |
Illinois |
IL S 1719 |
Pending |
Creates the Keep Internet Devices Safe Act, provides that a digital device is an internet connected device that contains a microphone, provides that no private entity may turn on or enable a digital device's microphone unless the registered owner or person configuring the device is provided certain notices in a consumer agreement, provides that a manufacturer of a digital device that does not cause to be turned on or otherwise use a digital device's microphone is not subject to the restrictions on its use. |
Illinois |
IL S 1863 |
Pending |
Amends the Freedom of Information Act, exempts from disclosure risk and vulnerability assessments, security measures, schedules, certifications, and response policies or plans that are designed to detect, defend against, prevent, or respond to potential cyber attacks upon the State's or an election authority's network systems, or records that the disclosure of which would, in any way, constitute a risk to the proper administration of elections or voter registration. |
Indiana |
IN S 4 |
Enacted, Public Law 15 |
Provides that a permit for the discharge from a wastewater treatment plant may not be issued unless the application contains a cybersecurity plan. Excludes the cybersecurity plan from public access. |
Indiana |
IN S 558 |
Enacted, Public Law 157 |
Relates to election security, requires the Secretary of State to refer suspected criminal violations of election law for investigation by the appropriate prosecuting attorney, establishes an administrative enforcement mechanism for enforcement of election laws other than campaign finance laws, requires the statewide voter registration file to employ two factor authentication to restrict access. |
Indiana |
IN S 560 |
Enacted, Public Law 278 |
Relates to various election law matters, removes provisions relating to candidates for President of the United States filing ballot placement requests with the secretary of state, provides that the election division annual training conference for county election officials must include information on cybersecurity and physical security practices for the statewide voter registration system, voting systems, and polling places. |
Indiana |
IN S 570 |
Enacted, Public Law 71 |
Relates to election cyber security, includes a definition of VSTOP voting system technical oversight program in the election code, requires the secretary of state to establish proficiency standards for individuals who are authorized to access the statewide voter registration file, requires such individuals to meet the proficiency standards in order to access the file, requires the county election board to deliver voting systems and electronic poll books to precincts and vote centers. |
Kansas |
KS H 2209 |
Enacted, Chap. 54 |
Concerns insurance, relates to life insurance unfair or deceptive acts or practices, third party administrator license and renewal application fees, purchase of cybersecurity insurance, association health plans, and healthcare benefit coverage, establishes the Unclaimed Life Insurance Benefits Act. |
Kentucky |
KY HR 171 |
Adopted |
Urges the Kentucky Cabinet for Economic Development to work with state and federal officials and study the issue of blockchain technology. |
Kentucky |
KY S 14 |
Failed - Adjourned |
Provides definitions relating to personal information, provides certain personal information that shall be protected from disclosure by a public agency or third party contractor through redaction or other means, provides a list of covered persons, provides guidelines for contracts between a public agency and a third party contractor. |
Kentucky |
KY S 195 |
Failed - Adjourned |
Requires a manufacturer of a connected device offered for sale in Kentucky to equip the device with reasonable security features appropriate to the nature and function of the device and to the information it may collect, contain, or transmit, and designed to protect the device from unauthorized access, destruction, use, modification, or disclosure, defines authentication, connected device, manufacturer, and unauthorized access, destruction, use, modification, of disclosure. |
Louisiana |
LA H 74 |
Enacted, Chap. 292 |
Creates the crime of trespass against state computers, provides for elements of the crime, provides for criminal penalties. |
Louisiana |
LA H 325 |
Failed - Adjourned |
Prohibits the registrar of voters, clerk of court, and Department of State from disclosing specified computer system information. |
Louisiana |
LA H 442 |
Failed - Adjourned |
Establishes the State Cyber security and Information Technology Infrastructure Fund, dedicates revenues into the fund. |
Louisiana |
LA H 448 |
Failed - Adjourned |
Establishes the State Cyber security and Information Technology Infrastructure Fund, dedicates revenues into the fund. |
Louisiana |
LA H 511 |
Failed - Adjourned |
Creates the Louisiana Cybersecurity Talent Initiative Fund for the purpose of funding degree and certificate programs in cybersecurity Fields and the Cybersecurity Education Management Council to advise relative to the fund. |
Louisiana |
LA HCR 67 |
Adopted |
Requests Louisiana Economic Development to study cybersecurity issues faced by businesses in compliance with the Cybersecurity Framework Standards promulgated by the National Institute of Standards and Technology. |
Louisiana |
LA S 46 |
Enacted, Chap. 187 |
Authorizes entities to monitor, share, and receive certain information relative to cyber threats, authorizes certain defensive measures, relates to certain security and information controls, provides for confidentiality of certain information. |
Louisiana |
LA SCR 123 |
Adopted |
Creates a task force to develop and plan a tabletop exercise that tests and strengthens the infrastructure required to combat cyber threats. |
Massachusetts |
MA H 223 |
Pending |
Relates to the security of personal financial information. |
Massachusetts |
MA H 287 |
Pending |
Protects the privacy and security of biometric information. |
Massachusetts |
MA H 2690 |
Pending |
Establishes a task force to study the need for increased cyber security within government agencies. |
Massachusetts |
MA H 2692 |
Pending |
Relates to cybersecurity standards in state contracts or procurements. |
Massachusetts |
MA H 2728 |
Pending |
Provides that state agencies procuring information technology goods or services give preference to vendors that carry cybersecurity insurance. |
Massachusetts |
MA HD 3239 |
Pending |
Updates chapter 93H data security protections to include biometric information. |
Massachusetts |
MA S 315 |
Pending |
Relates to cyber security education in schools. |
Massachusetts |
MA S 1822 |
Pending |
Relates to cybersecurity insurance preference in state contracts. |
Massachusetts |
MA S 1887 |
Pending |
Establishes a Cybersecurity Control and Review Commission. |
Massachusetts |
MA S 2056 |
Pending |
Relates to the cybersecurity of the internet connected devices and autonomous vehicles. |
Maryland |
MD H 211 |
Failed - Adjourned |
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility, prohibits a person from knowingly possessing certain ransomware with the intent to use that ransomware for a certain purpose, alters and establishes certain penalties, authorizes a victim of a certain offense to bring a civil action for damages against a certain person, provides for the recovery of attorney's fees and court costs in an action brought under the Act. |
Maryland |
MD H 397 |
Enacted, Chap. 301 |
Requires the Emergency Number Systems Board to establish certain minimum standards, alters the purposes of the 9-1-1 Trust Fund beginning on a certain date, authorizes the use of money collected from a certain 9-1-1 fee to pay certain costs, alters the amount of and method for calculating the 9-1-1 fee and a certain additional charge. |
Maryland |
MD H 711 |
Failed |
Requires an online platform to make reasonable efforts to detect anonymous foreign political communications disseminated through the online platform and prevent the dissemination of anonymous foreign political communications through the online platform, requires an online platform to report certain information to the State Board of Elections within 48 hours after the online platform becomes aware that an anonymous foreign political communication has been disseminated through the online platform. |
Maryland |
MD H 716 |
Failed - Adjourned |
Requires certain units of State government to comply with certain standards and guidelines to ensure that the security of all information systems and applications is managed through a certain framework, requires certain units of State government to undertake activities comprising collection, processing, and sharing of personally identifiable information in good faith and in accordance with a certain provision of the Act. |
Maryland |
MD H 1315 |
Enacted, Chap. 455 |
Alters the locations of the Cyber Warrior Diversity Program in the state, specifies the amounts and uses of grants provided under the Program, alters the date by which governing entities must notify the State Higher Education Commission regarding enrollment. |
Maryland |
MD S 151 |
Failed - Adjourned |
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility, prohibits a person from knowingly possessing certain ransomware with the intent to use that ransomware for a certain purpose, alters and establishes certain penalties, authorizes a victim of a certain offense to bring a civil action for damages against a certain person, provides for the recovery of attorney's fees and court costs in an action brought under the Act. |
Maryland |
MD S 339 |
Enacted, Chap. 302 |
Requires a certain custodian of records to deny inspection of the part of a 9-1-1 communications record that depicts certain information, subject to a certain exception, requires the Emergency Number Systems Board to establish certain minimum standards, alters the purposes of the 9-1-1 Trust Fund beginning on a certain date, authorizes the use of money collected from a certain 9-1-1 fee to pay certain costs, alters the amount of and method for calculating the 9-1-1 fee and a certain additional charge. |
Maryland |
MD S 384 |
Failed - Adjourned |
Requires the State Board of Elections to adopt regulations that describe best practices for storage and security of voter registration information by certain persons, requires a person who has received a list of registered voters to disclose a breach in the secure storage of the voter registration information to the State Administrator of Elections as soon as possible after becoming aware of the breach. |
Maryland |
MD S 432 |
Enacted, Chap. 454 |
Alters the locations of the Cyber Warrior Diversity Program in the State, specifies the amounts and uses of certain grants provided under the Program, alters the date by which certain governing entities must notify the state Higher Education Commission regarding certain enrollment, requires the Commission to allocate certain funds to certain entities on a certain basis. |
Maryland |
MD S 581 |
Enacted, Chap. 211 |
Extends certain benefits under the More Jobs for Marylanders Program to businesses that locate or expand in opportunity zones in the state, alters the calculation the Governor shall use in determining the amount to include in the budget Reserve Fund, alters the information required to be contained in a certain report on the Tax Credit, provides for the heritage structure rehabilitation tax credit, provides for workforce housing projects. |
Maryland |
MD S 726 |
Failed - Adjourned |
Alters a certain definition under the State income tax credit for the purchase of cybersecurity technology or services to repeal a prohibition on a qualified buyer having 50 or more employees, applies the Act to all tax credit certificates issued after June 30, 2019. |
Michigan |
MI H 4348 |
Pending |
Provides executive recommendations for omnibus bill, including funding for improvement of the state's cybersecurity framework. |
Michigan |
MI S 205 |
Pending |
Provides executive recommendations for omnibus bill, including funding for cybersecurity. |
Minnesota |
MN H 14 |
Pending - Carryover |
Relates to elections, transfers and appropriates money for purposes of the Help America Vote Act, improves the administration and security of elections as authorized by federal law, including but not limited to modernizing, securing, and updating the statewide voter registration system and for cybersecurity upgrades as authorized by federal law, improving accessibility, preparing training materials, and training local election officials. |
Minnesota |
MN H 17 |
Pending - Carryover |
Appropriates money from the Help America Vote Act account for certain authorized purposes, provides for the purposes of modernizing, securing, and updating the statewide voter registration system and for cybersecurity upgrades as authorized by federal law. |
Minnesota |
MN H 102 |
Pending - Carryover |
Relates to public safety, expands crime of unauthorized computer access to include accessing a computer without penetrating security system. |
Minnesota |
MN H 1833 |
Pending - Carryover |
Modifies and establishes various provisions governing energy policy and finance, strengthens requirements for clean energy and energy conservation in the state, appropriates money, requires reports. |
Minnesota |
MN H 1949 |
Pending - Carryover |
Relates to state government, requires consideration of cloud computing service options in state agency information technology projects, requires technology infrastructure inventories and security risk assessments, requires completion of the consolidation of information technology services and a strategic workplan, requires a consolidation surcharge for certain agencies, mandates reports, defines terms. |
Minnesota |
MN H 2087 |
Pending - Carryover |
Relates to the operation of state government, appropriates money for the legislature, the governor's office, state auditor, attorney general, secretary of state, certain agencies, boards, and councils, changes provisions for administrative law judge salaries, revolving loan fund, cemeteries, and MERF. |
Minnesota |
MN H 2524 |
Pending - Carryover |
Relates to the secretary of state, creates a technology and cybersecurity account, provides for technology and cybersecurity maintenance. |
Minnesota |
MN H 2681 |
Pending - Carryover |
Relates to utilities, provides access rights to energy usage data maintained by utilities. |
Minnesota |
MN H 2721 |
Pending - Carryover |
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments. |
Minnesota |
MN H 2743 |
Pending - Carryover |
Relates to courts, increases certain court related fees, establishes a cyber security fee. |
Minnesota |
MN S 241 |
Failed |
Relates to state government, requires the use of reports produced by the statewide voter registration system, appropriates money from the Help America Vote Act account for certain authorized purposes, including cybersecurity upgrades. |
Minnesota |
MN S 1264 |
Pending - Carryover |
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments. |
Minnesota |
MN S 2097 |
Pending - Carryover |
Relates to state government, requires consideration of cloud computing service options in state agency information technology projects, requires technology infrastructure inventories and security risk assessments, requires completion of the consolidation of information technology services and a strategic workplan, requires a consolidation surcharge for certain agencies, mandates reports. |
Minnesota |
MN S 2726 |
Pending - Carryover |
Relates to the operation of state government, appropriates money for the Legislature, the Governor's office, State Auditor, Attorney General, Secretary of State, certain agencies, boards, and councils, changes provisions for administrative law judge salaries, revolving loan fund, cemeteries, and MERF. |
Minnesota |
MN S 2845 |
Pending - Carryover |
Relates to state government; requirements for state information technology security |
Minnesota |
MN H 3 a |
Failed - Adjourned |
Relates to public safety, modifies certain provisions relating to public safety, courts, corrections, sexual offenders, predatory offenders, vehicle operations, and firefighters, provides for a task force and working group, requires reports, provides for criminal penalties, appropriates money for courts, public safety, sentencing guidelines, corrections, human rights, Peace Officer Standards and Training Board, Private Detective Board, Guardian ad Litem Board, and Uniform Laws Commission. |
Minnesota |
MN H 8 a |
Failed - Adjourned |
Relates to the operation of state government, appropriates money for the legislature, the governor's office, state auditor, attorney general, secretary of state, and certain agencies, boards, councils, and retirement funds, changes provisions in state government operations, makes state payment terminology changes, adds provisions for presidential nomination primary, changes provisions for information technology, military and veterans affairs policy, gambling control board, and racing commission. |
Minnesota |
MN S 10a |
Enacted, Chap. 10 |
Appropriates money for government, including funds for enhancements to cybersecurity across state government and for elections cybersecurity upgrades. |
Missouri |
MO H 917 |
Failed - Adjourned |
Modifies provisions relating to elections. |
Mississippi |
MS H 613 |
Failed |
Exempts certain information technology records from the Mississippi Public Records Act, conforms to the provisions of this Act. |
Mississippi |
MS H 911 |
Failed |
Establishes the insurance data security law, provides the purpose and intent of the act, defines certain terms used in the act, requires insurance licensees in this state to develop, implement and maintain an information security program, requires certain investigation of a cyber security event, requires certain notification of a cyber security event, provides for certain confidentiality, provides exceptions to the act, provides for penalties for violations of the act. |
Mississippi |
MS S 2046 |
Enacted |
Exempts from the Public Records Act certain information technology related information that, if disclosed, could allow unauthorized access to the State's IT assets. |
Mississippi |
MS S 2768 |
Failed |
Authorizes and directs the Mississippi Department of Education to implement a mandatory k-12 computer science curriculum based on the Mississippi College and Career Readiness Standards for computer science which includes instruction in, but not limited to, computational thinking, cyber related, programming, cyber security, data science, robotics, and other computer science and cyber related content. |
Mississippi |
MS S 2831 |
Enacted |
Establishes the Insurance Data Security Law, provides the purpose and intent of the Act, defines certain terms used in the Act, requires insurance licensees in this state to develop, implement and maintain an information security program, requires certain investigation of a cybersecurity event, requires certain notification of a cybersecurity event, provides for certain confidentiality, provides exceptions to the Act, provides for penalties for violations of the Act. |
Montana |
MT D 1858 |
Failed |
Revises cybersecurity laws, relates to information technology. |
Montana |
MT H.B. 2 |
Enacted, Chap. 483 |
Appropriates money to various state agencies for the upcoming biennium, including funding for next generation antivirus software; cybersecurity staff; cybersecurity student programs; web application firewall; e-mail security gateway; security information and event management; analytics-driven security and continuous monitoring for threats; governance, risk, and compliance software; enterprise risk assessment; digital forensics lab; source code repository; security orchestration, automation and response; and outsourced professional services. Also provides that the State Information Technology Services Division shall report to the legislative finance committee quarterly on the Montana Cybersecurity Enhancement Project. |
Montana |
MT H 305 |
Enacted, Chap. 184 |
Revises the definition of state duty for special work by Montana National Guard personnel, provides state duty for special work is limited to existing provisions in preparation for declarations of emergencies and disasters and cyber security operations. |
North Carolina |
NC H 217 |
Enacted, Chap. 200 |
Makes miscellaneous and technical changes to the statutes relating to the Department of Information Technology, amends various statutes relating to state agency cybersecurity, amends various statutes relating to the Emergency Telephone Service and the 911 Board. |
North Carolina |
NC H 904 |
Pending |
Amends the identity theft protection act. |
North Carolina |
NC H 911 |
Pending |
Directs the Department of Information Technology to study and assess the threat of foreign technologies in state owned computer systems. |
North Carolina |
NC S 542 |
Pending |
Pertains to the cyber security regional training center. |
North Carolina |
NC S 666 |
Pending |
Appropriates funds for improved cyber security education and robotics education in school districts. |
North Dakota |
ND H 1048 |
Enacted, Chap. 469 |
Relates to the use of distributed ledger technologies, requires the Department of Information Technologies to research and develop the use of distributed ledger enabled platform technologies, such as blockchains, for computer controlled programs, data transfer and storage, and program regulation to protect against falsification, improve internal data security, and identify external hacking threats. |
North Dakota |
ND HCR 3004 |
Adopted |
Provides for a study of the potential benefits of blockchain technology in state government administration and affairs, including the cost-effectiveness and increased security of utilizing a blockchain technology electronic voting system. |
North Dakota |
ND S 2015 |
Enacted, Chap. 40 |
Provides an appropriation for defraying the expenses of the various divisions under the supervision of the director of the office of management and budget. |
North Dakota |
ND S 2110 |
Enacted, Chap. 468 |
Expands the powers and duties of the Information Technology Department to oversee cybersecurity strategy for all executive branch state agencies, including institutions under the control of the State Board of Higher Education, counties, cities, school districts, or other political subdivisions. |
North Dakota |
ND S 2209 |
Enacted, Chap. 375 |
Relates to protection for records related to critical infrastructure and security planning, mitigation, or threats. |
North Dakota |
ND S 2340 |
Enacted, Chap. 370 |
Revises provisions relating to the protection and confidentiality of records regarding emergency planning and response. |
Nebraska |
NE L 351 |
Pending - Carryover |
Provides for school district levy and bonding authority for cybersecurity and violence prevention. |
Nevada |
S.B. 21 |
Failed |
Relates to cybersecurity; enacts the Insurance Data Security Law; requires certain licensees with licenses or other authorizations related to the provision and administration of insurance to develop, implement and maintain an information security program that meets certain requirements; establishes requirements for the selection and oversight of third-party service providers by such licensees. |
Nevada |
S.B. 123 |
Enacted, Chap. 546 |
Enacts provisions governing the security and integrity of elections, including requiring an annual training class on cybersecurity for those who administer elections. Provides that any records of the Secretary of State or county or city clerk relating to the security of an election information system, including records relating to the prevention of a threat or attack on the security of an election information system, are confidential and not public records and may be disclosed only under certain limited circumstances. |
New Hampshire |
NH H 25 |
Enacted, Chap. 146 |
Makes appropriations for capital improvements for the biennium and extends certain lapse dates for previous appropriations. |
New Hampshire |
NH H 329 |
Enacted, Chap. 54 |
Permits a school board to review and adopt a data security plan at a non-public meeting. |
New Hampshire |
NH LSR 570 |
Pending |
Relates to review and adoption of school data security plans. |
New Hampshire |
NH LSR 781 |
Failed |
Establishes the insurance data security law. |
New Hampshire |
NH LSR 923 |
Pending |
Relates to the insurance data security law. |
New Hampshire |
NH S 194 |
Enacted, Chap. 309 |
Establishes the Insurance Data Security Law, updates and establishes standards for protection of consumers' non public information, requirements for investigation of a breach and notification to the Commissioner and consumers in the event of cyber security breaches relating to consumers' nonpublic information. |
New Jersey |
NJ A 730 |
Pending |
Clarifies crime of unlawful access concerning certain password protected communications in electronic storage. |
New Jersey |
NJ A 1766 |
Pending |
Requires certain persons and business entities to maintain comprehensive information security program. |
New Jersey |
NJ A 2355 |
Pending |
Concerns debarment of contractors for conviction of certain computer related crimes. |
New Jersey |
NJ A 3542 |
Pending |
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training. |
New Jersey |
NJ A 3546 |
Pending |
Directs Rutgers Discovery Informatics Institute, the Office of Information Technology, and Big Data Alliance to develop an advanced cyber infrastructure strategic plan, appropriates funds. |
New Jersey |
NJ A 3613 |
Pending |
Revises provisions relating to the State Blockchain Initiative Task Force, requires the Task Force to study whether state, county, and municipal governments can benefit from a transition to a blockchain-based system for recordkeeping and service delivery. |
New Jersey |
NJ A 3659 |
Pending |
Requires Economic Development Authority to establish program offering low-interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure. |
New Jersey |
NJ A 3922 |
Pending |
Requires state employees to review best cybersecurity practices. |
New Jersey |
NJ A 3983 |
Pending |
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks. |
New Jersey |
NJ A 4247 |
Pending |
Concerns information security standards and guidelines for State and local government. |
New Jersey |
NJ A 4854 |
Pending |
Directs New Jersey Cybersecurity and Communications Integration Cell to develop cybersecurity prevention and awareness materials for businesses and to establish electronic mail fraud Internet website. |
New Jersey |
NJ A 4976 |
Pending |
Directs New Jersey Cyber security and Communications Integration Cell to develop cyber security prevention best practices and awareness materials for consumers in this state. |
New Jersey |
NJ A 5035 |
Pending |
Requires state election officials to coordinate with relevant federal officials regarding election security. |
New Jersey |
NJ A 5467 |
Pending |
Creates affirmative defense for certain breaches of security. |
New Jersey |
NJ AJR 54 |
Pending |
Designates October of each year as Cyber Security Awareness Month. |
New Jersey |
NJ AJR 86 |
Pending |
Urges Secretary of State to assure Legislature and public that State's electoral system is protected from foreign computer hackers. |
New Jersey |
NJ AR 194 |
Pending |
Urges Congress to appropriate additional federal funds to upgrade voting equipment and systems to address vulnerabilities to cyber attacks. |
New Jersey |
NJ S 998 |
Pending |
Requires Economic Development Authority (EDA) to establish program offering low-interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure. |
New Jersey |
NJ S 1249 |
Pending |
Clarifies crime of unlawful access concerning certain password protected communications in electronic storage. |
New Jersey |
NJ S 2297 |
Enacted, Chap. 213 |
Revises provisions relating to the State Blockchain Initiative Task Force, relates to a study as to whether state, county, and municipal governments can benefit from a transition to a blockchain system for recordkeeping and service delivery, modifies membership of the Task Force. |
New Jersey |
NJ S 2692 |
Pending |
Requires certain persons and business entities to maintain a comprehensive information security program. |
New Jersey |
NJ S 3153 |
Pending |
Requires certain businesses to notify data subjects of collection of personally identifiable information and establishes certain security standards. |
New Jersey |
NJ S 3344 |
Pending |
Requires state election officials to coordinate with relevant federal officials regarding election security. |
New Jersey |
NJ S 3436 |
Pending |
Directs State Cybersecurity and Communications Integration Cell to develop cybersecurity prevention and awareness materials for businesses and to establish electronic mail fraud internet website. |
New Jersey |
NJ S 3488 |
Pending |
Directs State Cybersecurity and Communications Integration Cell to develop cybersecurity best practices and awareness materials for consumers in this State. |
New Jersey |
NJ S 3673 |
Pending |
Directs State Cybersecurity and Communications Integration Cell, Office of Information Technology, and State Big Data Alliance to develop an advanced cyberinfrastucture strategic plan. |
New Jersey |
NJ S 3738 |
Pending |
Requires State employees to receive best cybersecurity practices. |
New Jersey |
NJ S 3836 |
Pending |
Creates affirmative defense for certain breaches of security. |
New Jersey |
NJ SJR 22 |
Pending |
Urges Secretary of State to assure Legislature and public that State's electoral system is protected from foreign computer hackers. |
New Jersey |
NJ SR 113 |
Pending |
Urges Congress to appropriate additional federal funds for election security and voting equipment purposes. |
New Jersey |
NJ SJR 134 |
Pending |
Designates October of each year as Cyber Security Awareness Month. |
New Mexico |
NM H 7 |
Enacted, Chap. 60 |
Relates to higher education, creates centers of excellence at higher education institutions to promote development in the cybersecurity, sustainable agriculture, and renewable energy industries, and bioscience. |
Nevada |
NV A 33 |
Failed |
Revises provisions relating to the governance and oversight of information services for state agencies. |
Nevada |
NV S 21 |
Failed |
Relates to cybersecurity, enacts the Insurance Data Security Law, requires certain licensees with licenses or other authorizations related to the provision and administration of insurance to develop, implement and maintain an information security program that meets certain requirements, establishes requirements for the selection and oversight of third-party service providers by such licensees. |
Nevada |
NV S 69 |
Enacted, Chap. 392 |
Revises provisions relating to emergencies and cybersecurity. |
Nevada |
NV S 123 |
Enacted, Chap. 546 |
Revises provisions relating to elections. |
Nevada |
NV S 237 |
Failed |
Revises provisions relating to the security of elections. |
Nevada |
NV S 302 |
Enacted, Chap. 412 |
Revises provisions relating to personal information collected by governmental agencies. |
New York |
NY A 291 |
Pending |
Directs the commissioner of the division of homeland security and emergency services to work with other experts who maintain experience and knowledge in the area of cyber security to develop a cyber security action plan for New York state. |
New York |
NY A 465 |
Pending |
Enacts the Personal Information Protection Act, establishes a personal information bill of rights requiring parties having custody of residents personal identifying information to ensure the security thereof, provides for the approval of programs to secure personal identifying information by the office of information security, requires the notification of the division of state police and the subjects of information upon the breach of such information, directs the office of technology services to/. |
New York |
NY A 914 |
Pending |
Amends the Penal Law, relates to creating the crime of cyberterrorism and calculating damages caused by computer tampering, provides that cyberterrorism shall be a class B felony. |
New York |
NY A 1185 |
Pending |
Amends the Insurance Law, authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self certified and approved by the superintendent. |
New York |
NY A 1351 |
Pending |
Directs the state board of elections to study and evaluate the use of blockchain technology to protect voter records and election results. |
New York |
NY A 1729 |
Pending |
Establishes a commission to study the European Union's general protection data regulation and the current state of cyber security in the state. |
New York |
NY A 2124 |
Pending |
Creates specific computer crimes as well as increasing penalties for crimes committed with the aid of a computer, provides for civil relief in cases of pornography on the internet, and penal sanctions in such cases. |
New York |
NY A 2229 |
Pending |
Requires manufacturers of connected devices to equip such devices with reasonable security features. |
New York |
NY A 4884 |
Pending |
Relates to creating the Modernized Voter Registration Act of New York, modernizes voter registration, promotes access to voting for individuals with disabilities, protects the ability of individuals to exercise the right to vote in elections for local and state office, makes an appropriation therefor. |
New York |
NY A 6514 |
Pending |
Establishes the offenses of phishing in the third degree, phishing in the second degree and phishing in the first degree, relates to the time in which prosecution of such offenses must be commenced. |
New York |
NY A 7682 |
Pending |
Relates to critical utility infrastructure security and responsibility, relates to the protection of critical infrastructure in the state, provides that an electric or gas corporation or municipality shall not share, disclose or otherwise provide access to a customer's electrical or gas consumption data. |
New York |
NY A 7913 |
Pending |
Removes the economic harm requirement from the felony commercial bribery statutes, expands the crime of larceny to include theft of personal identifying information, computer data, computer programs, and services, to adapt to modern technological realities, provides state jurisdiction and county venue over cases involving larceny of personal identifying information, computer data, and computer programs, where the victim is located in the state or the county. |
New York |
NY S 229 |
Pending |
Amends the Penal Law, relates to computer tampering. |
New York |
NY S 394 |
Pending |
Amends the Penal Law, elevates all computer tampering offenses by one degree in severity. |
New York |
NY S 2475 |
Pending |
Relates to computer related crimes. |
New York |
NY S 3172 |
Pending |
Establishes the offenses of phishing in the third degree, phishing in the second degree and phishing in the first degree, relates to the time in which prosecution of such offenses must be commenced. |
New York |
NY S 3625 |
Pending |
Amends the Insurance Law, promotes competitive property and casualty insurance markets for business to business insurance transactions. |
New York |
NY S 3973 |
Pending |
Requires manufacturers of connected devices to equip such devices with reasonable security features. |
New York |
NY S 4012 |
Pending |
Relates to the use of voice recognition features on certain products. |
New York |
NY S 4273 |
Pending |
Amends the Penal Law, relates to creating the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony. |
New York |
NY S 4444 |
Pending |
Establishes the computer security act, addressing the widespread problem of spyware, makes it illegal for third parties to knowingly and deceptively cause computer software to be copied onto personal computers that changes the computer users settings without permission, prevents users from resetting computers to the original preferences or removing third party software, secretly collects information about internet searches, disables the computers security software or causes related disruptive activities. |
New York |
NY S 4744 |
Pending |
Establishes a commission to study the European Unions general protection data regulation and the current state of cyber security in the state. |
New York |
NY S 5222 |
Pending |
Removes the specified amount economic harm requirement from the felony commercial bribery statutes, expands the crime of larceny to include theft of personal identifying information, computer data, computer programs, and services, to adapt to modern technological realities, provides state jurisdiction and county venue over cases involving larceny of personal identifying information, computer data, and computer programs, where the victim is located in the state or the county. |
New York |
NY S 5575 B |
Enacted, Chap. 117 |
Requires businesses have in place reasonable data security for private information, with a more flexible standard for small businesses, without creating new requirements for entities subject to existing or future regulations by any federal or other New York State government entity. Deems failure to provide required reasonable data security to be a violation of section 349 of the General Business Law, permitting the attorney general to bring suit but not any private plaintiff. |
New York |
NY S 6036 |
Pending |
Directs the state board of elections to study and evaluate the use of blockchain technology to protect voter records and election results. |
New York |
NY S 6195 |
Pending |
Relates to critical utility infrastructure security and responsibility, relates to the protection of critical infrastructure in the state, provides that an electric or gas corporation or municipality shall not share, disclose or otherwise provide access to a customer's electrical or gas consumption data. |
Ohio |
OH S 52 |
Enacted, Chap. 15 |
Creates the Civilian Cyber Security Reserve Forces, requires the Secretary of State as a member of the Homeland Security Advisory Council, requires the Secretary to appoint a Chief Information Security Officer, requires the Boards of Elections to audit election results, makes an appropriation. |
Ohio |
OH H 166 |
Status: Enacted, Chap. 10 |
Provides funding for cybersecurity initiatives, including for the establishment of a cyber range. The cyber range shall: (1) provide cyber training and education to K-12 students, higher education students, Ohio National Guardsmen, federal employees, and state and local government employees, and (2) provide for emergency preparedness exercises and training. |
Oklahoma |
OK H 2146 |
Pending - Carryover |
Creates a credit against income tax for qualified software or cybersecurity employees. |
Oklahoma |
OK H 2759 |
Enacted, Chap. 483 |
Relates to revenue and taxation, provides for certain qualified employers to make application to the Tax Commission, provides for income tax credit, specifies tax credit amount, imposes limitation on taxable years for which tax credit may be claimed, prohibits reduction of tax liability to less than zero, authorizes qualified employers to participate in designated economic incentives. |
Oklahoma |
OK S 261 |
Enacted, Chap. 163 |
Relates to election security, relates to the security of election materials, coercion, and election emergencies, authorizes post election audits for certain purposes, provides procedures, specifies the duties of the Secretary of State Election Board and the Secretary of County Election Board, specifies requirements relating to office space and arrangements for county election boards, prohibits providing false or misleading information to prevent registration or voting. |
Oklahoma |
OK S 584 |
Enacted, Chap. 331 |
Relates to public finance, relates to security risk assessments, establishes requirements for information security audit conducted by certain firm under certain basis, requires Information Services Division to assist in repairing vulnerabilities, provides an exception for certain agencies subject to certain mandatory cybersecurity standards, requires submission of information security audit findings, modifies requirement for submission of findings within certain time. |
Oklahoma |
OK S 746 |
Pending - Carryover |
Relates to income tax credits, establishes tax credits for certain software or cybersecurity employees, provides a specified amount for the credit, imposes a maximum number of taxable years for which the credit may be claimed, prohibits the use of the credit to reduce tax liability below a certain amount, provides for certain qualified employers to make application to the State Tax Commission. |
Oregon |
OR H 2395 |
Enacted, Chap. 193 |
Requires person that manufactures, sells or offers to sell connected device to equip connected device with reasonable security features that protect information that connected device collects, contains, stores or transmits from access, destruction, modification, use or disclosure that consumer does not authorize. |
Oregon |
OR H 3109 |
Failed |
Directs Oregon Business Development Department to study tax incentives for cyber security businesses and to report its findings to interim legislative committees related to economic development. |
Oregon |
OR H 3233 |
Failed |
Establishes program to improve cyber security of systems used to administer elections by encouraging independent technical experts, in cooperation with state election officials, local government election officials and election service providers, to identify and report election cyber security vulnerabilities. |
Oregon |
OR S 818 |
Failed |
Establishes program to improve cybersecurity of systems used to administer elections by encouraging independent technical experts, in cooperation with state election officials, local government election officials and election service providers, to identify and report election cybersecurity vulnerabilities. |
Oregon |
OR SCR 4 |
Failed |
Declares policy of the state concerning cybersecurity risks and need for proactive cybersecurity risk management. |
Pennsylvania |
PA H 140 |
Pending - Carryover |
Provides appropriations from the General Fund for the expenses of the Executive, Legislative and Judicial Departments of the Commonwealth, the public debt and the public schools for the fiscal year July 1, 2019, to June 30, 2020, and for the payment of Bills incurred and remaining unpaid at the close of the fiscal year ending June 30, 2019, provides appropriations from special funds and accounts to the Executive and Judicial Departments. |
Pennsylvania |
PA H 225 |
Pending - Carryover |
Amends the act, known as The Administrative Code of 1929, in organization of departmental administrative boards and commissions and of advisory boards and commissions, provides for Cyber security Innovation Commission. |
Pennsylvania |
PA S 487 |
Pending - Carryover |
Amends the act of December 22, 2005, known as the Breach of Personal Information Notification Act, provides for title of act, for definitions and for notification of breach, prohibits employees of the Commonwealth from using nonsecured Internet connections, provides for Commonwealth policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996. |
Pennsylvania |
PA S 810 |
Pending - Carryover |
Relates to boards and offices; provides for information technology; establishes the Office of Information Technology and the Information Technology Fund; provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee; imposes duties on the Office of Information Technology; imposes penalties. |
Rhode Island |
RI H 5480 |
Failed--adjourned |
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features. |
Rhode Island |
RI H 5987 |
Failed--adjourned |
Criminalizes accessing the user account of another person without consent for the purpose of viewing or using information maintained on any electronic database, website, or account, with each instance constituting a separate offense. |
Rhode Island |
RI S 537 |
Failed--adjourned |
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features. |
South Carolina |
SC H 4293 |
Pending - Carryover |
Establishes the state Election Security Council, provides for the council's composition, duties, powers, and responsibilities, provides that after the effective date of this act, all voting systems used in the state shall utilize a paper based system using paper ballots tabulated by optical scanners as the ballot of record, requires the General Assembly to appropriate the funds necessary to purchase the voting systems required by this section. |
South Carolina |
SC S 374 |
Pending - Carryover |
Establishes the state Election Security Council, provides for the council's composition, duties, powers, and responsibilities, provides that after the effective date of this act all voting systems used in the state shall utilize a paper-based system using paper ballots tabulated by optical scanners as the ballot of record, requires the general assembly to appropriate the funds necessary to purchase the voting systems required by this section. |
Texas |
TX H 1 |
Status Enacted, Chap. 1353 |
Provides for appropriations for cybersecurity. |
Texas |
TX H 350 |
Failed - Adjourned |
Relates to the composition of the cybersecurity council. |
Texas |
TX H 351 |
Failed - Adjourned |
Relates to emergency management for cyber attacks against this state. |
Texas |
TX H 904 |
Failed - Adjourned |
Relates to requiring The University of Texas at San Antonio to conduct a study regarding cyber attacks against financial institutions in this state. |
Texas |
TX H 1421 |
Enacted, Chap. 1069 |
Relates to cybersecurity of voter registration lists and other election-related documents, systems, and technology, provides that the secretary of state shall adopt rules defining classes of protected election data and establishing best practices for identifying and reducing risk to the electronic use, storage, and transmission of election data and the security of election systems. |
Texas |
TX H 2401 |
Failed - Adjourned |
Relates to the requirement that state agency employees complete cyber security awareness training. |
Texas |
TX H 2591 |
Failed - Adjourned |
Relates to a cybersecurity monitor for certain electric utilities. |
Texas |
TX H 2689 |
Failed - Adjourned |
Relates to the designation of a cybersecurity coordinator by each school district. |
Texas |
TX H 2984 |
Enacted, Chap. 1149 |
Revises provisions relating to the essential knowledge and skills of the technology applications curriculum, establishes the Computer Science Strategic Advisory Committee to increase computer science instruction and participation in public schools. |
Texas |
TX H 3377 |
Failed - Adjourned |
Relates to a cyber security monitor for certain electric utilities. |
Texas |
TX H 3834 |
Enacted, Chap. 1308 |
Revises provisions relating to the requirement that certain state and local government employees and state contractors complete a cybersecurity training program certified by the State Cybersecurity Coordinator. |
Texas |
TX H 4214 |
Failed - Adjourned |
Relates to matters concerning governmental entities, including cyber security, governmental efficiencies, information resources, and emergency planning. |
Texas |
TX H 4539 |
Failed - Adjourned |
Relates to elections. |
Texas |
TX H 4597 |
Failed - Adjourned |
Relates to cybersecurity of state agencies. |
Texas |
TX HR 2180 |
Adopted |
Appropriates funds for the purpose of providing security vulnerability and penetration testing services and information security assessments to state agencies and institutions of higher education. |
Texas |
TX S 1 |
Status Failed-adjourned. |
Provides for appropriations for cybersecurity. |
Texas |
TX S 9 |
Failed - Adjourned |
Relates to election integrity, increases criminal penalties, creates a criminal offense, creates civil penalties. |
Texas |
TX S 64 |
Enacted, Chap 509 |
Establishes strategies to incentivize cybersecurity degree programs, provides for the coordination of cybersecurity coursework development, revises provisions relating to information sharing, requires the State Cybersecurity Coordinator to develop best practices for cybersecurity, provides for cybersecurity coordination programs for utilities. |
Texas |
TX S 820 |
Enacted, Chap. 605 |
Requires a school district to develop and maintain a cybersecurity framework. |
Texas |
TX S 936 |
Enacted, Chap. 610 |
Revises provisions relating to the Cybersecurity Monitor Program for electric utilities, requires the Public Utilities Commission to contract with an entity to act as the Commission's Cybersecurity Monitor, authorizes an electric utility, municipally owned utility, or electric cooperative to participate or discontinue participation in the Cybersecurity Monitor Program. |
Texas |
TX S 1779 |
Failed - Adjourned |
Relates to security for state agency information and information technologies. |
Texas |
TX S 1785 |
Failed - Adjourned |
Relates to the composition of the cybersecurity council. |
Texas |
TX S 1985 |
Failed - Adjourned |
Relates to the regulation of certain health organizations certified by the State Medical Board, provides an administrative penalty. |
Virginia |
VA H 1700 |
Enacted, Chap. 854 |
Amends the Budget Bill. provides funding for cybersecurity programs. |
Virginia |
VA H 2178 |
Enacted, Chap. 426 |
Relates to the voter registration system, relates to security plans and procedures, relates to remedy security risks, directs the State Board of Elections to promulgate regulations and standards necessary to ensure the security and integrity of the voter registration system and the supporting technologies utilized by the counties and cities to maintain and record registrant information, requires local electoral boards to develop and update annually written plans. |
Virginia |
VA H 2332 |
Enacted, Chap. 399 |
Requires the State Corporation Commission to convene a stakeholder group on consumer data protection issues. |
Virginia |
VA H 2519 |
Failed |
Relates to Virginia Information Technologies Agency, relates to a cybersecurity task force, establishes a cybersecurity task force to assist the Chief Information Officer (CIO) of the Virginia Information Technologies Agency in developing policies, standards, and guidelines applicable to the Commonwealth's executive, legislative, and judicial branches and independent agencies for assessing security risks, determining the appropriate security measures and performing security audits. |
Virginia |
VA H 2534 |
Failed |
Relates to Virginia Information Technologies Agency, relates to required information security training program for state employees, requires the Chief Information Officer of the Virginia Information Technologies Agency to develop and annually update a curriculum and materials for training all state employees in information security awareness and in proper procedures for detecting, assessing, reporting, and addressing information security threats by November 1, 2019. |
Virginia |
VA H 2787 |
Failed |
Relates to state voter registration system, relates to security plans and procedures, relates to remedying security risks. |
Virginia |
VA H 2793 |
Failed |
Relates to cybersecurity, relates to care and disposal of customer records, relates to security for connected devices, requires any business to take all reasonable steps to dispose of, or arrange for the disposal of, customer records within its custody or control containing personal information when the records are no longer to be retained by the business by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable. |
Virginia |
VA HJR 628 |
Failed |
Relates to Virginia Freedom of Information Advisory Council, relates to threat of phishing attacks, relates to reporting, directs the Virginia Freedom of Information Advisory Council (FOIA Council) to study the threat of phishing attacks on citizens and public employees whose contact and private information is legally obtained as a result of a Freedom of Information Act (FOIA) request, provides that the study further directs the FOIA Council to examine the current FOIA provisions. |
Virginia |
VA S 966 |
Enacted, Chap. 296 |
Relates to electric utility regulation, provides for grid modernization and energy efficiency programs, provides for rate review proceedings and transitional rate periods, provides for energy storage facilities, relates to electric distribution grid transformation projects, and wind and solar generation facilities, relates to coal combustion by product management, relates to undergrounding electrical transmission lines, relates to fuel factor. |
Virginia |
VA S 1233 |
Enacted, Chap. 302 |
Relates to the administration of government, prohibits public bodies from using products and services provided by Kaspersky Lab, requires the State Information Technologies Agency to review statewide procedures for implementing such a prohibition and to prepare a report with recommendations for the Governor and General Assembly. |
Virginia |
VA H 5001a |
Enacted, Chap. 1 |
Revises the budget bill; makes appropriations to various state agencies and programs, including cybersecurity programs. |
Virginia |
VA H 5002a |
Enacted, Chap. 2 |
Revises the budget bill; makes appropriations to various state agencies and programs, including cybersecurity programs. |
Vermont |
VT H 135 |
Enacted, Chap. 49 |
Relates to the authority of the Agency of Digital Services. |
Vermont |
VT H 157 |
Pending - Carryover |
Relates to adopting minimum security standards for connected devices. |
Vermont |
VT S 110 |
Pending - Carryover |
Requires a report concerning the three branches of state government and the management of personally identifiable information. Relates to security of student information. |
Washington |
WA H 1109 |
Enacted, Chap. 415 |
Makes operating appropriations for the upcoming biennium, including appropriations for the office of cybersecurity. |
Washington |
WA H 1126 |
Enacted, Chap. 205 |
Enables electric utilities to prepare for the distributed energy future, proposes monitoring, control, and metering upgrades that are supported by a business case identifying how those upgrades will be leveraged to provide net benefits for customers, provides for cybersecurity and data privacy practices to the changing distribution system and the internet of things, including an assessment of the costs associated with ensuring customer privacy. |
Washington |
WA H 1251 |
Pending - Carryover |
Concerns security breaches of election systems or election data including by foreign entities. |
Washington |
WA H 1840 |
Pending - Carryover |
Concerns the removal of payment credentials and other sensitive data from state data networks. |
Washington |
WA H 2111 |
Pending - Carryover |
Concerns enhancing cybersecurity by eliminating the return of ballots by fax and email. |
Washington |
WA S 5153 |
Pending - Carryover |
Makes 2019-2021 biennium operating appropriations, including for the office of cyber security. |
West Virginia |
WV H 2452 |
Enacted, Act 123 |
Creates the West Virginia cybersecurity office, relates to cybersecurity of state government, removes the requirements of the Chief Technology Officer to oversee security of government information, creates the Cybersecurity Office, provides that the Chief Information Security Officer to oversee the Cybersecurity Office, authorizes the Chief Information Security Officer to create a cybersecurity framework, to assist and provide guidance to agencies in cyber risk strategy. |
West Virginia |
WV S 314 |
Failed - Adjourned |
Relates to cybersecurity of state government. |
Puerto Rico |
PR H 92 |
Pending - Carryover |
Creates the Investigative Cyber Crimes Unit under the Department of Justice which will be in charge of investigating and prosecuting serious and less serious crimes and/or misdemeanors related to the right to privacy, ownership, identity and security in commercial transactions, when committed using electronic means, such as the Internet and the computer. |
Puerto Rico |
PR HR 246 |
Adopted |
Orders the House Committee on Public Security to investigate the feasibility of establishing a forensic laboratory in cyber crimes, similar to that of the Immigration and Customs Enforcement, which provides primary services to state agencies. |
Puerto Rico |
PR HR 367 |
Pending - Carryover |
Orders the House Committee on Public Safety to assess the feasibility of establishing a forensic laboratory in cyber crimes, similar to that of the Immigration and Customs Enforcement, which provides services exclusively to state agencies. |
Puerto Rico |
PR HR 257 |
Pending - Carryover |
Orders the House Committees on Finance and Public Security to investigate the information systems of the Department of the Treasury, its maintenance and the reasons for a cyber virus that caused on Monday, January 6 of 2017 the Department of the Treasury to raise about $20 million, determines if the information from taxpayers and the government hosted on the servers of the Department of the Treasury was affected as a result of this cyber virus. |
Puerto Rico |
PR HR 475 |
Pending - Carryover |
Orders the House Committee on Public Safety to research the practices and policies of cyber security and of the executive departments and agencies of the Government, with urgency in the Department of the Treasury, the State Department and Department of Public Safety. |
Puerto Rico |
PR SR 158 |
Adopted |
Orders the Senate Committee on Finance of the Senate to study cyber attacks on the electronic systems of the Department of the Treasury and the Municipal Revenues Collection Center; studies the effect of this incident in the fulfilment of the functions of these agencies regarding any information, either from the Government or its taxpayers, that was affected; studies preventive measures to be established to avoid that this continues happening. |