Alaska |
AK H 245 |
Status: Failed--adjourned |
Relates to the definition of disaster. |
Arkansas |
AR E.O. 17 |
Establishes the State Computer Science and Cybersecurity Task Force. |
California |
CA A 89 |
Status: Enacted |
The Budget Act of 2020 includes funding for the California Cybersecurity Integration Center. Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security. The Office of Emergency Service shall report annually during budget subcommittee hearings on the activities and outcomes of the California Cybersecurity Integration Center and the Cyber Incident Response Team. This report shall include: (1) the number, source(s), and target(s) of cyber attacks in California; (2) how the center responded to each, and whether any of the center's investigations have led to prosecutions; and (3) a summary of special bulletins, notices, and awareness efforts of the center. |
CA A 1376 |
Status: Failed--adjourned |
Amends veterans' preference provisions to require the Department of Human Resources to collaborate with specified state entities to establish a veterans' preference to be applied to employment opportunities within the field of cybersecurity that require a background check. |
CA A 1917 |
Status: Failed--adjourned |
Makes appropriations for the support of state government for the current fiscal year. |
CA A 2320 |
Status: Failed--adjourned |
Requires a contract with a contractor doing business with a state agency to require that the contractor maintain cyber insurance if the contractor receives or has access to records containing personal information protected under the Information Practices Act. |
CA A 2326 |
Status: Failed--adjourned |
States the intent of the legislature to enact future legislation relating to school cybersecurity. |
CA A 2507 |
Status: Failed--adjourned |
Adds the Development of General Services as one of the organizations whose representatives comprise the Cybersecurity Integration Center. |
CA A 2564 |
Status: Failed--adjourned |
States the intent of the legislature to enact legislation to improve the security of information technology systems and connected devices by requiring public agencies and businesses to develop security vulnerability disclosure policies. |
CA A 2669 |
Status: Failed--adjourned |
States the intent of the legislature to enact legislation relating to state information security programs. |
CA A 3276 |
Status: Failed--adjourned |
Expresses the intent of the legislature to enact subsequent legislation that would require every school district in the state to conduct an information technology cybersecurity assessment. |
CA S 239 |
Status: Failed--adjourned |
Requires the prosecution for a felony violation of certain crimes to be commenced within three years after discovery of the commission of the offense. |
CA S 922 |
Status: Failed--adjourned |
Requires the prosecution for a felony violation of specified computer-related crimes, including introducing ransomware into a computer with intent to extort property from another, to be commenced within three years after discovery of the commission of the offense. |
CA S 1218 |
Status: Failed--adjourned |
Requires the commission to adopt inspection, detection, response, and replacement standards, and to adopt rules, to address the cybersecurity risks to the transmission and distribution systems of electrical corporations, electrical cooperatives, and gas corporations, and would require the standards or rules to provide for secure and reliable service. |
Connecticut |
CT H 5430 |
Status: Failed--adjourned |
Makes clear that computer crimes include attacks that involve any computer, computer network or computer software that is owned, leased or licensed by a financial institution, and targeted at the money, property or personal information of customers that is being held by a financial institution in connection with a loan or deposit account, or in a fiduciary, trust or custodial capacity. |
CT H 5511 |
Status: Failed--adjourned |
Requires that the Commissioner of Emergency Services and Public Protection analyze municipal cybersecurity needs throughout the state and determine the feasibility of the Department of Emergency Services and Public Protection providing individualized assistance to municipalities most at risk of suffering cybersecurity attacks. |
CT S 235 |
Status: Failed--adjourned |
Establishes a cybersecurity task force. |
Delaware |
DE S 153 |
Status: Enacted |
Authorizes the Department of Technology and Information to develop and implement a comprehensive information security program that applies personnel, process, and technology controls to protect the state's data, systems, and infrastructure, within the state's computing environment and on partner systems. |
Florida |
FL H 821 |
Status: Enacted |
Relates to public records and meetings, revises a provision to reflect the abolishment of the Agency for State Technology, provides an exemption from public records requirements for portions of records held by a state agency that contain network schematics, hardware and software configurations and encryption, provides an exemption from public meetings requirements for portions of meetings that would reveal such records. |
FL H 865 |
Status: Failed |
Relates to emergency reporting, requires a county or municipality to report certain incidents to the State Watch Office within the Division of Emergency Management, authorizes the division to establish guidelines to specify additional information that must be provided by a reporting county or municipality. |
FL HM 525 |
Status: Failed |
Urges Congress to support the State Cyber Resiliency Act and to direct the United States Department of Homeland Security to administer state and local cybersecurity grants. |
FL H 4007 |
Status: Failed--adjourned |
Provides an appropriation for the West Palm Beach Supervisory Control and Data Acquisition (SCADA) Cybersecurity Technology Upgrades. |
FL H 5001 |
Status: Enacted |
Relates to General Appropriations Act, provides moneys for annual period beginning on a specified date, and ending on a specified date, and supplemental appropriations for period ending on a specified date, to pay salaries and other expenses, capital outlay-buildings and other improvements, and for other specified purposes of various agencies of state government, includes funding for certain coronavirus response items. |
FL H 5003 |
Status: Enacted |
Relates to Implementing the 2020-2021 General Appropriations Act, implements specified appropriations of the General Appropriations Act for 2020-2021 fiscal year. |
FL S 1170 |
Status: Failed |
Revises a provision to reflect the abolishment of the Agency for State Technology, provides an exemption from public records requirements for portions of records held by a state agency which contain network schematics, hardware and software configurations, or encryption, provides an exemption from public meetings requirements for portions of meetings which would reveal certain records. |
Georgia |
GA H 641 |
Status: Failed--adjourned |
Relates to general provisions regarding the Georgia Bureau of Investigation, so as to grant the Georgia Bureau of Investigation Powers and duties to identify and investigate violations of Article 6 of Chapter 9 of Title 16 of the Official Code of Georgia Annotated, the Georgia Computer Systems Protection Act, and other computer crimes, provides for subpoena power by the bureau for such investigations, provides for related matters, repeals conflicting laws. |
GA H 792 |
Status: Enacted |
Utilizes funds from the Revenue Shortfall Reserve and matches federal funds for coronavirus preparedness and response efforts and to enhance cybersecurity technology. |
GA H 862 |
Status: Failed--adjourned |
Relates to the Georgia Bureau of Investigation, so as to provide for the establishment of a Cybersecurity Task Force, provides for its membership, powers and duties, reports and recommendations and dissolution, provides for definitions, provides for related matters, repeals conflicting laws. |
GA H 1004 |
Status: Failed--adjourned |
Relates to imposition, rate, and computation and exemptions regarding income taxes, provide for income tax credits for higher education for the Fort Gordon Cyber Security and Information Technology Innovation Corridor and the Savannah Logistics Technology Innovation Corridor, provides for definitions, provides for applicability and eligibility, provides for limitations, provides for related matters, repeals conflicting laws. |
GA H 1049 |
Status: Failed--adjourned |
Facilitates the sharing of information and reporting of cyberattacks, requires governmental agencies and utilities to report any cyberattacks to the director of emergency management and homeland security, provides for the director to promulgate certain rules and regulations, provides for proceedings related to cybersecurity to be held in executive session, provides for certain information, data, and reports related to cybersecurity and cyberattacks to be exempt from public disclosure and inspection. |
GA H 1133 |
Status: Failed--adjourned |
Relates to general provisions of state government so as to prohibit state agencies from paying ransoms in response to cyber attacks, provides for a definition, provides for related matters, provides for an effective date, repeals conflicting laws. |
GA HR 1093 |
Status: Failed--adjourned |
Creates the House Study Committee on Cybersecurity. |
GA S 21 |
Status: Failed--adjourned |
Relates to competencies and core curriculum, requires each local board of education to prescribe mandatory instruction concerning cybersecurity in every year in every grade from kindergarten through 12, provides for a definition, requires the State Board of Education to prescribe a minimum course of study in cybersecurity, provides for duties of the state school superintendent. |
GA S 493 |
Status: Failed--adjourned |
Relates to selling and other trade practices, provides for legislative findings, provides standards for cybersecurity programs to protect businesses from liability, provides for affirmative defenses for data breaches of private information, provides for related matters, provides for an effective date, repeals conflicting laws. |
GA E.O. 182 |
|
Reconstitutes the State Government Systems Cybersecurity Board and mandating cybersecurity training. |
Hawaii |
HI H 1553 |
Status: Failed--adjourned |
Establishes the State Fusion Center as a program under the Office of Homeland Security and establishes the state-funded position of State Fusion Center Director to manage the daily operations of the center. |
HI H 1685 |
Status: Failed--adjourned |
Establishes an income tax credit for investment in qualified businesses that develop cybersecurity and artificial intelligence. |
HI H 2134 |
Status: Failed--adjourned |
(Short Form Bill) Relates to cybersecurity. |
HI H 2333 |
Status: Failed--adjourned |
Establishes the State Fusion Center as a program under the Office of Homeland Security, establishes the position of State Fusion Center Director who shall be state-funded, responsible to the director of Homeland Security, and accountable to manage the operations of the center. |
HI S 2889 |
Status: Failed--adjourned |
(Governor Package) Establishes the Hawaii State Fusion Center as a program under the Office of Homeland Security and establishes the position of Hawaii State Fusion Center director who shall be state-funded, responsible to the director of Homeland Security, and accountable to manage the operations of the center. |
Iowa |
IA D 1175 |
Status: Failed--adjourned |
Relates to secretary of state, elections technical bill. |
IA D 5247 |
Status: Failed--adjourned |
Relates to cybercrime investigation bureau. |
IA H 39 |
Status: Failed--adjourned |
Relates to student data collection by the Department of Education, school districts and accredited nonpublic schools. |
IA H 2250 |
Status: Failed--adjourned |
Relates to election systems security. |
IA H 2568 |
Status: Failed--adjourned |
Establishes a cybercrime investigation unit in the department of public safety to investigate crimes with a nexus to the internet or computer technology including crimes involving child exploitation and cyber intrusion. |
IA HSB 49 |
Status: Failed--adjourned |
Relates to the administration of elections, provides penalties, includes effective date provisions. |
IA HSB 616 |
Status: Failed--adjourned |
Establishes a cybercrime investigation division in the Department of Public Safety to investigate crimes with a nexus to the internet or computer technology including crimes involving child exploitation and cyber intrusion. |
IA S 204 |
Status: Failed--adjourned |
Provides for an affirmative defense to certain claims relating to personal information security breach protection. |
IA S 575 |
Status: Failed--adjourned |
Relates to the conduct of state and local elections, provides penalties, includes effective date provisions. |
IA S 2073 |
Status: Failed--adjourned |
Provides for an affirmative defense to certain claims relating to personal information security breach protection. |
IA S 2080 |
Status: Failed--adjourned |
Prohibits the state and political subdivisions of the state from exStatus: Pending public money for payment to persons responsible for ransomware attacks. |
IA S 2252 |
Status: Failed--adjourned |
Provides for an affirmative defense to certain claims relating to personal information security breach protection. |
IA S 2390 |
Status: Failed--adjourned |
Establishes a cybercrime investigation unit within the Department of Public Safety to investigate crimes with a nexus to the internet or computer technology including crimes involving child exploitation and cyber intrusion. |
IA S 2391 |
Status: Failed--adjourned |
Prohibits the state and political subdivisions of the state from exStatus: Pending public money for payment to persons responsible for ransomware attacks. |
IA SSB 1078 |
Status: Failed--adjourned |
Relates to the administration of elections. |
IA SSB 1241 |
Status: Failed--adjourned |
Relates to the conduct of state and local elections, provides penalties. |
IA SSB 3010 |
Status: Failed--adjourned |
Establishes a cybercrime investigation, requires the Department of Public Safety to investigate crimes with a nexus to the internet or computer technology including crimes involving child exploitation and cyber intrusion. |
Illinois |
IL H 2829 |
Status: Pending |
Creates the Financial Institution Cybersecurity Act, provides that persons and entities operating under the authority of the secretary of Financial and Professional Regulation under the Banking Act, Insurance Code, Savings Bank Act, Credit Union Act, Corporate Fiduciary Act, and Residential Mortgage License Act must maintain a cybersecurity program to protect the confidentiality of their information system. |
IL H 3017 |
Status: Pending |
Creates the Veterans Cyber Academy Pilot Program Act, provides that the Department of Veterans' Affairs shall establish and implement a pilot program to provide veterans residing in the state with access to cybersecurity training, certification, apprenticeships, and additional resources to enter the cybersecurity field of work, provides that the pilot program shall run from Jan. 1, 2021, to Dec. 31, 2023, provides specified requirements to the department in implementing the pilot program. |
IL H 3391 |
Status: Pending |
Creates the Security of Connected Devices Act, requires manufacturers of connected devices to equip the device with security features that are designed to protect the device and any information the device contains from unauthorized access, destruction, use, modification or disclosure. |
IL H 3934 |
Status: Pending |
Amends the Emergency Management Agency Act, provides that a disaster includes a cyberattack, directs the governor, to the greatest extent practicable, to delegate or assign command authority to the director of the Emergency Management Agency by orders issued at the time of a disaster. |
IL H 4418 |
Status: Pending |
Amends the Election Code, requires the State Board of Elections, in consultation with the Department of Innovation and Technology, to study and evaluate the use of blockchain technology to protect voter records and election results with the assistance of specified experts, requires the board to submit a report on the use of blockchain technology to the governor and General Assembly, repeals the provisions on Jan. 1, 2023. |
IL H 4443 |
Status: Pending |
Amends the Freedom of Information Act, modifies the exemptions from inspection and copying concerning cybersecurity vulnerabilities, amends the Department of Innovation and Technology Act, authorizes the Department of Innovation and Technology to accept grants and donations, creates the Technology, Education and Cybersecurity Fund as a special fund in the state treasury to be used by the Department of Innovation and Technology to promote and effectuate information technology activities. |
IL H 4444 |
Status: Pending |
Amends the Freedom of Information Act, modifies the exemptions from inspection and copying concerning cybersecurity vulnerabilities, amends the Department of Innovation and Technology Act, authorizes the Department of Innovation and Technology to accept grants and donations, creates the Technology, Education and Cybersecurity Fund as a special fund in the state treasury to be used by the Department of Innovation and Technology to promote and effectuate information technology activities. |
IL H 4559 |
Status: Pending |
Amends the Freedom of Information Act, exempts from the Act records that are designed to detect, defend against, prevent or respond to potential cyber-attacks on elections and voter registration held by the State Board of Elections, the Department of Innovation and Technology, election authorities and other necessary parties, amends the Election Code, combines changes made by two Public Acts regarding cybersecurity efforts, changes references to the Help America Vote Act. |
IL H 5204 |
Status: Pending |
Creates the Cybersecurity Compliance Act, defines terms, creates an affirmative defense for every covered entity that creates, maintains and complies with a written cybersecurity program that contains administrative, technical and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, prescribes requirements for the cybersecurity program. |
IL H 5396 |
Status: Pending |
Amends the Emergency Management Agency Act, provides that a cyberattack is a disaster. |
IL H 5397 |
Status: Pending |
Creates the Insurance Data Security Act, requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance laws of this state to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems and procedures, requires a licensee to develop, implement and maintain a written information security program based on the licensee's risk. |
IL H 5398 |
Status: Pending |
Creates the Cyber Reserve Act, establishes the Cyber Reserve, to be administered by the Emergency Management Agency, in order to deploy volunteers upon the occurrence of a cybersecurity incident, contains provisions regarding volunteer requirements, criminal history checks, and civil liability, requires volunteers to provide assistance for six years from the time of deployment or for the time required under the agency's record retention policies, whichever is longer. |
IL H 5399 |
Status: Pending |
Amends the Information Security Improvement Act, provides that no state agency shall use any software platform developed, in whole or in part, by Kaspersky Lab or any entity of which Kaspersky Lab Holds majority ownership, provides that the Department of Innovation and Technology shall adopt rules as necessary to implement the provisions, provides legislative findings. |
IL HJR 1 |
Status: Pending |
Extends the sunset date of the operation of the Cybersecurity Task Force, reconstitutes the focus and membership of the Task Force. |
IL HJR 2 |
Status: Pending |
Creates the Return Illinois To Prosperity Commission to review and evaluate the creation of a State Bank, provides that the mission of a State Bank would include supporting economic development by increasing access to capital for agriculture, businesses, and industry and providing stability to the local financial sector. |
IL HJR 108 |
Status: Pending |
Urges the State Board of Education, by the 2020-2021 school year, to establish a P12 Cyber Threat Response Team within the State Board of Education to provide assistance to public schools, early childhood providers, and special education facilities across the state when faced with a cybersecurity threat. |
IL S 240 |
Status: Pending |
Creates the Consumer Credit Reporting Agency Registration and Cybersecurity Program Act, provides for requirements for consumer credit reporting agency registration, contains provisions regarding grounds for revocation and suspension of a registration, provides that by a certain date, a consumer credit reporting agency must have a cybersecurity program documented in writing and designed to protect the confidentiality, integrity and availability of its information systems. |
IL S 1622 |
Status: Pending |
Amends the Election Code, provides that no voting machine used, adopted or purchased by an election authority may be made, manufactured or assembled outside the United States or constructed with parts made, manufactured or assembled outside the United States, including, but not limited to, any hardware or software, provides that, in provisions concerning voting machines, precinct tabulation optical scan technology voting systems, and direct recording electronic voting systems, |
IL S 1719 |
Status: Pending |
Creates the Keep Internet Devices Safe Act, provides that a digital device is an internet-connected device that contains a microphone, provides that no private entity may turn on or enable a digital device's microphone unless the registered owner or person configuring the device is provided certain notices in a consumer agreement, provides that a manufacturer of a digital device that does not cause to be turned on or otherwise use a digital device's microphone is not subject to the restrictions on its use. |
IL S 2778 |
Status: Pending |
Amends the Emergency Management Agency Act, provides that a cyberattack is a disaster, requires the governor to delegate or assign authority to the director of the Emergency Management Agency to manage, coordinate and direct all resources by orders issued at the time of a disaster. |
IL S 3518 |
Status: Pending |
Amends the Freedom of Information Act, modifies the exemptions from inspection and copying concerning cybersecurity vulnerabilities, amends the Department of Innovation and Technology Act, authorizes the Department of Innovation and Technology to accept grants and donations, creates the Technology, Education and Cybersecurity Fund as a special fund in the state treasury to be used by the Department of Innovation and Technology to promote and effectuate information technology activities. |
Indiana |
IN H 1240 |
Status: Failed--adjourned |
Relates to cybersecurity training program, provides that the Department of Homeland Security Division of Preparedness and Training, with the assistance of other certain entities, shall create and implement mandatory cybersecurity training courses for all individuals elected to a county office, and newly elected individuals to a county office, provides that a training course shall include activities, case studies, hypothetical situations, and other methods that focus on forming information security habits. |
IN H 1372 |
Status: Enacted |
Adopts the insurance data security model law, which requires certain holders of an insurance license, authority, or registration to maintain an information security program and meet other requirements. Establishes an affirmative defense to a tort civil action for a licensee that satisfies the requirements of the insurance data security model law. |
IN HR 42 |
Status: Adopted |
Urges the Legislative Council to assign to an appropriate study committee the topic of the potential dangers of cyberhacking and ransomware attacks on state and local governments as well as the creation of a specialized Cyber-Technical Assistance Program at Purdue University. |
IN S 179 |
Status: Enacted |
Relates to election cybersecurity, requires counties to enter into an agreement with the secretary of state to use a threat intelligence and enterprise security company for specified security purposes, requires certain proficiency standards for personnel qualified to access the statewide voter registration system, requires applicants for certification of voting systems and electronic poll books to include specified information. |
IN S 240 |
Status: Failed--adjourned |
Relates to cybersecurity requirements for insurers, requires an insurer to develop, maintain and update an information security program for the purpose of protecting consumers nonpublic information, conduct a risk assessment of its information systems to aid in the development of an information security program, notify the insurance commissioner if a cybersecurity event affecting the nonpublic information of 250 or more consumers occurs, and develop an incident response plan to respond to cybersecurity. |
IN S 334 |
Status: Enacted |
Allows the secretary of state and election division to assist a prosecuting attorney in prosecuting certain actions and allow the use of an attorney retained by the secretary of state or election division, requires boards of elections and registration to attend election security meetings called by the election division, changes the time frame in which a voter list maintenance program must be conducted for certain special elections. |
IN S 380 |
Status: Failed--adjourned |
Relates to election board incident response plan, provides that a county election board shall adopt a county election incident response plan that includes at least a plan for the physical security of all voting systems, electronic poll books, and any other election equipment under the control of the board, a response plan to any natural disaster that occurs in the county and affects the ability of the board to conduct an election in the county, a response plan to any medical or manmade emergency occurrence. |
IN SR 13 |
Status: Adopted |
Urges the legislative council to assign to an appropriate study committee the topic of the potential dangers of cyberhacking in state government, specifically the use of ransomware. |
Kansas |
KS S 454 |
Status: Failed--adjourned |
Creates exemptions in the Open Records Act for election security records and cybersecurity records. |
Louisiana |
LA H 6 |
Status: Enacted |
(Special session) Establishes the State Cybersecurity and Information Technology Fund; provides for the dedication and use of monies in the fund; provides for deposits into the fund; provides for the powers and duties of the Joint Legislative Committee on the Budget and the Joint Legislative Committee on Technology and Cybersecurity; provides restrictions on use of the monies. |
LA H 398 |
Status: Failed--adjourned |
(Constitutional Amendment) Establishes the State Cybersecurity and Information Technology Fund, dedicates revenues to the fund. |
LA H 412 |
Status: Enacted |
Expands the authorized uses of monies in the State Emergency Response Fund. |
LA H 478 |
Status: Failed--adjourned |
Establishes the State Cybersecurity and Information Technology Fund, dedicates revenues to the fund. |
LA H 614 |
Status: Enacted |
Provides relative to data security for persons regulated by the commissioner of insurance. |
LA H 633 |
Status: Enacted |
Provides for the mandatory training in cybersecurity awareness for all state and local employees, officials and contractors. |
LA H 636 |
Status: Enacted |
Creates and provides for the Joint Legislative Committee on Technology and Cybersecurity. |
LA H 751 |
Status: Enacted |
Makes revisions to the Election Code, including providing for cybersecurity training for all persons who have user credentials to access the computer network operated or managed by the secretary of state. |
LA S 79 |
Status: Enacted |
Creates the Cybersecurity Talent Initiative Fund for the purpose of funding degree and certificate programs in cybersecurity Fields and the Cybersecurity Education Management Council to advise relative to the fund. |
LA S 140 |
Status: Enacted |
Requires certain offices to report cyber incidents to the secretary of state. |
LA S 273 |
Status: Enacted |
rovides for registration with the Secretary of State by managed service providers and managed security service providers servicing public bodies; provides requirements for doing business; provides for exceptions to the Public Records Law; provides for time limitations on the reporting of cyber incidents. |
LA S 398 |
Status: Enacted |
Provides for qualifications of volunteers to cyber response and recovery support efforts with the Governor's Office of Homeland Security and Emergency Preparedness. |
LA SCR 10 |
Status: Adopted |
Establishes and provides for the Cyber Investigators Alliance. |
Massachusetts |
MA H 223 |
Status: Pending |
Relates to the security of personal financial information. |
MA H 287 |
Status: Pending |
Protects the privacy and security of biometric information. |
MA H 2690 |
Status: Pending |
Establishes a task force to study the need for increased cybersecurity within government agencies. |
MA H 2692 |
Status: Pending |
Relates to cybersecurity standards in state contracts or procurements. |
MA H 2728 |
Status: Pending |
Provides that state agencies procuring information technology goods or services give preference to vendors that carry cybersecurity insurance. |
MA H 3763 |
Status: Pending |
Provides for convenient voting for military personnel, their families and civilians stationed or working abroad. |
MA S 315 |
Status: Pending |
Relates to cybersecurity education in schools. |
MA S 1822 |
Status: Pending |
Relates to cybersecurity insurance preference in state contracts. |
MA S 1887 |
Status: Pending |
Establishes a Cybersecurity Control and Review Commission. |
MA S 2056 |
Status: Pending |
Relates to the cybersecurity of internet-connected devices and autonomous vehicles. |
Maryland |
MD H 45 |
Status: Enacted |
Alters the terms relating to eligibility for benefits under the More Jobs for Marylanders and Opportunity Zone Enhancement programs, alters the taxable years for which enhancements under the Opportunity Zone Enhancement Program are applicable, requires the Department of Commerce to publish information about the Program on its website, limits eligibility of Program benefits to investments in newly established biotechnology and cybersecurity companies. |
MD H 176 |
Status: Enacted |
Authorizes a public agency in St. Mary's County to meet in a closed session to consider the investment of public funds, to consult with counsel for legal advice, and, under certain circumstances, to discuss certain cybersecurity matters. |
MD H 215 |
Status: Failed--adjourned |
Prohibits a person from knowingly possessing certain ransomware with the intent to use that ransomware for introduction into the computer, computer network, or computer system of another person without the authorization of the other person. Establishes penalties. |
MD H 235 |
Status: Failed--adjourned |
Requires the secretary of information technology, in consultation with the attorney general, to advise and oversee a consistent cybersecurity strategy for units of state government, including institutions under the control of the governing boards of public institutions of higher education, counties, school districts, municipal corporations, and other political subdivisions of the state, requires the secretary to advise and consult with the legislative and judicial branches regarding cybersecurity. |
MD H 237 |
Status: Failed-adjourned |
Requires a business that maintains personal information of an individual residing in the State to implement and maintain certain security procedures and practices; alters the circumstances under which the owner or licensee of certain computerized data is required to notify certain individuals of a certain breach; alters the time periods within which certain notifications regarding the breach of a security system are required to be given. |
MD H 274 |
Status: Failed--adjourned |
Requires a financial institution that requires a customer to provide an answer to a security question for a certain purpose to allow a customer to choose from at least two options for each required security question, prohibits a financial institution from using a customer's mother's maiden name as a means of safeguarding access to the customer's account. |
MD H 392 |
Status: Failed--adjourned |
Prohibits the State Board of Elections from approving a contract with an election service provider unless the contract includes a clause requiring the election service provider to report to the state administrator of elections if any stage in the manufacturing of a component of the provider's election system occurred outside the United States, alters the circumstances under which the State Board is prohibited from certifying a voting system. |
MD H 635 |
Status: Failed--adjourned |
Prohibits a person from knowingly possessing certain malware or ransomware with the intent to use that malware or ransomware for the purpose of introduction into a computer, computer network, or computer system of another person without the authorization of the other person, creates a certain exception, establishes a certain penalty. |
MD H 888 |
Status: Failed--adjourned |
Requires the manufacturer of a connected device to equip the device with a certain reasonable security feature, provides that a security feature for a connected device is reasonable if the connected device is equipped with a certain means for authentication, provides that a violation of the act is an unfair, abusive, or deceptive trade practice within the meaning of the Maryland Consumer Protection Act and is subject to certain enforcement and penalty provisions. |
MD H 996 |
Status: Failed--adjourned |
Requires the Department of Information Technology, in consultation with the Maryland Cybersecurity Council, to establish a Cybersecurity Response Team, sets forth the duties of the Cybersecurity Response Team, alters the purposes of the 9-1-1 Trust Fund, requires the comptroller to disperse certain funds from the 9-1-1 Trust Fund to certain local jurisdictions for a certain purpose. |
MD H 1183 |
Status: Failed--adjourned |
Codifies the establishment of the Office of Security Management within the Department of Information Technology, the position of State Chief Information Security Officer, and the Maryland Cybersecurity Coordinating Council, alters the membership of the council, requires each unit of the legislative or judicial branch of state government that uses a certain network to certify certain compliance to the department on or before a specific date each year. |
MD H 1580 |
Status: Failed--adjourned |
Requires the secretary of budget and management, in partnership with the secretary of information technology and the state chief information security officer, to establish certain minimum qualifications for skilled service and professional service classes of state employees in the information technology and cybersecurity fields, requires the secretary of budget and management to revise the standards for position selection plans for certain classifications of state employees in certain fields. |
MD H 1588 |
Status: Failed--adjourned |
Requires the secretary of information technology to conduct a risk assessment of any major information technology development project the secretary believes may present an exceptional risk to the state, requires the risk assessment to consider the nature, processing, and use of sensitive or personally identifiable information, authorizes the secretary to recommend an increase in a certain limitation of liability amount under certain circumstances, requires a certain recommendation to be made. |
MD H 1618 |
Status: Failed--adjourned |
Establishes the Cybersecurity Coordination and Operations Office within the Emergency Management Agency to help improve statewide cybersecurity readiness and response, requires the director of MEMA to appoint an executive director as head of the office, requires the office to be provided with sufficient staff to perform the office's functions, requires the office to establish regional assistance groups to deliver or coordinate support services to political subdivisions and agencies. |
MD S 5 |
Status: Failed--adjourned |
Establishes the Maryland Cyber Reserve within the Military Department, provides that the organized militia of the state includes the reserve, provides the governor is the commander-in-chief of the reserve. |
MD S 30 |
Status: Failed--adjourned |
Relates to crimes involving computers. |
MD S 47 |
Status: Enacted |
Requires the Commission to Advance Next Generation 911 Across Maryland to report findings and recommendations to the Governor and the General Assembly on or before a certain date. Requires the commissions to make recommendations for potential statutory or administrative changes to protect against cybersecurity threats to the 9-1-1- system |
MD S 120 |
Status: Failed |
Relates to cybersecurity, relates to the Department of Information Technology. |
MD S 160 |
Status: Failed--adjourned |
Requires a financial institution that requires a customer to provide an answer to a security question for a certain purpose to allow a customer to choose from at least two options for each required security question, prohibits a financial institution from using a customer's mother's maiden name as a means of safeguarding access to the customer's account. |
MD A 201 |
Status: Failed--adjourned |
Requires a business that maintains personal information of an individual residing in the State to implement and maintain certain security procedures and practices; alters the circumstances under which the owner or licensee of certain computerized data is required to notify certain individuals of a certain breach; alters the time periods within which certain notifications regarding the breach of a security system are required to be given. |
MD S 588 |
Status: Failed--adjourned |
Excludes the University System of Maryland from certain provisions of law governing protection of information by government agencies, requires the University System of Maryland to review and designate certain systems as systems of record based on certain criteria and to develop and adopt a certain privacy governance program to govern each system of record. |
MD S 724 |
Status: Failed--adjourned |
Requires the secretary of budget and management, in partnership with the secretary of information technology and the state chief information security officer, to establish certain minimum qualifications for skilled service and professional service classes of state employees in the information technology and cybersecurity fields. |
MD S 820 |
Status: Failed--adjourned |
Requires a supplier of water to inspect certain valves in a public water system in a certain manner, repair or replace valves, inspect fire hydrants, formulate and implement a plan, identify the locations of valves, and record characteristics and identifiers of certain valves, requires a supplier of water to develop a certain cybersecurity program by a specified date. |
MD S 936 |
Status: Failed--adjourned |
Requires the state administrator of elections to exercise disciplinary authority over the local election directors for noncompliance with state rules, regulations and policies, requires a local board of elections to notify the state administrator in writing after becoming aware of a certain security violation or a certain significant attempted security violation involving an election system. |
MD S 1036 |
Status: Failed--adjourned |
Establishes the Cybersecurity Coordination and Operations Office within the Maryland Emergency Management Agency to help improve statewide cybersecurity readiness and response, requires the director of MEMA to appoint an executive director as head of the office, requires the office to be provided with sufficient staff to perform the office's functions, requires the office to establish regional assistance groups to deliver or coordinate support services to political subdivisions, agencies. |
MD S 1049 |
Status: Failed--adjourned |
Establishes the Cybersecurity Talent Pipeline Management Program to provide funds to a certain collaborative, defines "collaborative" as commitments of partnership between at least two cybersecurity organizations to improve the state's cybersecurity workforce needs, as per a signed agreement, authorizes the program to award only one competitive matching grant in the first year, requires the governor, in fiscal years 2022 through 2024, to include in the annual budget bill an appropriation. |
Maine |
ME S 697 |
Status: Failed |
Enacts the state Insurance Data Security Act, establishes standards for information security programs based on ongoing risk assessment for protecting consumers' personal information, establishes requirements for the investigation of and notification to the superintendent of insurance regarding cybersecurity events. |
Michigan |
MI H 4348 |
Status: Pending |
Provides executive recommendation for omnibus bill. |
MI H 5426 |
Status: Pending |
Modifies Michigan Cyber Civilian Corps Act. |
MI H 5427 |
Status: Pending |
Modifies Michigan Cyber Civilian Corps Advisory Board duties. |
MI H 5554 |
Status: Pending |
Provides for omnibus budget. |
MI S 205 |
Status: Pending |
Provides executive recommendation for omnibus bill. |
MI SR 2 |
Status: Adopted |
Urges the Governor to use the most current federal guidelines on identifying essential critical infrastructure workers. |
Minnesota |
MN H 14 |
Status: Failed--adjourned |
Relates to elections, transfers and appropriates money for purposes of the Help America Vote Act, improves the administration and security of elections as authorized by federal law, including but not limited to modernizing, securing and updating the statewide voter registration system and for cybersecurity upgrades as authorized by federal law, improving accessibility, preparing training materials and training local election officials. |
MN H 17 |
Status: Failed--adjourned |
Appropriates money from the Help America Vote Act account for certain authorized purposes, provides for the purposes of modernizing, securing and updating the statewide voter registration system and for cybersecurity upgrades as authorized by federal law. |
MN H 102 |
Status: Failed--adjourned |
Relates to public safety, expands crime of unauthorized computer access to include accessing a computer without penetrating security system. |
MN H 162 |
Status: Failed--adjourned |
(First special session) Relates to state government; establishes a Legislative Commission on Cybersecurity; provides legislative appointments. |
MN H 1833 |
Status: Failed--adjourned |
Modifies and establishes various provisions governing energy policy and finance, strengthens requirements for clean energy and energy conservation in the state, appropriates money, requires reports. |
MN H 1949 |
Status: Failed--adjourned |
Relates to state government, requires consideration of cloud computing service options in state agency information technology projects, requires technology infrastructure inventories and security risk assessments, requires completion of the consolidation of information technology services and a strategic work plan, requires a consolidation surcharge for certain agencies, mandates reports, defines terms. |
MN H 2087 |
Status: Failed--adjourned |
Relates to the operation of state government, appropriates money for the legislature, the governor's office, state auditor, attorney general, secretary of state, certain agencies, boards and councils, changes provisions for administrative law judge salaries, revolving loan fund, cemeteries and MERF. |
MN H 2524 |
Status: Failed--adjourned |
Relates to the secretary of state, creates a technology and cybersecurity account, provides for technology and cybersecurity maintenance. |
MN H 2721 |
Status: Failed--adjourned |
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments. |
MN H 2743 |
Status: Failed--adjourned |
Relates to courts, increases certain court-related fees, establishes a cybersecurity fee. |
MN H 3842 |
Status: Failed--adjourned |
Relates to insurance, establishes an Insurance Data Security Law. |
MN H 4084 |
Status: Failed--adjourned |
Relates to elections, provides for election technology and cybersecurity assessment, maintenance and enhancement, requires certain election security notifications. |
MN H 4351 |
Status: Failed--adjourned |
Relates to elections; creates a technology and cybersecurity account; provides for technology and cybersecurity maintenance; requires election day registrants to cast provisional ballots; amends the process to register to vote in conjunction with submitting an absentee ballot; provides a penalty; makes conforming changes; appropriates money. |
MN H 4536 |
Status: Failed--adjourned |
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments. |
MN H 4540 |
Status: Failed--adjourned |
Relates to public safety, modifies certain provisions relating to sexual assault examination kits, background checks, and the Board of Public Defense, appropriates money for the Supreme Court, corrections, sentencing guidelines, and public safety, transfers funds to a disaster contingency account. |
MN S 1264 |
Status: Failed--adjourned |
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments. |
MN S 2097 |
Status: Failed--adjourned |
Relates to state government, requires consideration of cloud computing service options in state agency information technology projects, requires technology infrastructure inventories and security risk assessments, requires completion of the consolidation of information technology services and a strategic work plan, requires a consolidation surcharge for certain agencies, mandates reports. |
MN S 2227 |
Status: Failed--adjourned |
Relates to the operation of the state government, appropriates money for the legislature, governor's office, state auditor, attorney general, secretary of state, certain agencies, boards, councils and retirement funds, changes provisions in state government operations, establishes commissions and task forces, repeals state aid to PERA General for MERF, establishes observances for veterans and allies. |
MN S 2726 |
Status: Failed--adjourned |
Relates to the operation of state government, appropriates money for the legislature, governor's office, state auditor, attorney general, secretary of state, certain agencies, boards and councils, changes provisions for administrative law judge salaries, revolving loan fund, cemeteries and MERF. |
MN S 2845 |
Status: Failed--adjourned |
Relates to state government, requirements for state information technology security. |
MN S 3275 |
Status: Failed--adjourned |
Relates to elections, creates a technology and cybersecurity account, provides for technology and cybersecurity maintenance, requires Election Day registrants to cast provisional ballots, amends the process to register to vote in conjunction with submitting an absentee ballot, provides a penalty, makes conforming changes, appropriates money. |
MN S 3548 |
Status: Failed--adjourned |
Relates to elections, transfers and appropriates money for purposes of the Help America Vote Act. |
MN S 3629 |
Status: Failed--adjourned |
Relates to education, increases safe schools revenue, requires a report, appropriates money. |
MN S 4269 |
Status: Failed--adjourneding |
Relates to insurance, establishes an Insurance Data Security Law. |
MN S 4530 |
Status: Failed--adjourned |
Relates to public safety, modifies certain provisions relating to sexual assault examination kits, background checks, and Board of Public Defense, appropriates money for the supreme court, corrections, sentencing guidelines, and public safety, transfers funds to disaster contingency account. |
Missouri |
MO H 2050 |
Status: Failed--adjourned |
Requires that the comprehensive state energy plan be reviewed by the Division of Energy by Jan. 1, 2022, and biennially thereafter, and updated if necessary. |
MO H 2120 |
Status: Enacted |
Establishes provisions relating to water safety and security. Provides that each community water system shall create a plan that establishes policies and procedures for identifying and mitigating cyber risk. The plan shall include risk assessments and implementation of appropriate controls to mitigate identified cyber risks. |
MO S 688 |
Status: Failed--adjourned |
Requires that the comprehensive state energy plan be reviewed by the Division of Energy by a specified date, and biennially thereafter, and updated if necessary. |
Mississippi |
MS H 1165 |
Status: Failed |
Authorizes and directs the State Department of Education to implement a mandatory K-12 computer science curriculum based on the state college and career readiness standards for computer science which includes instruction in, but not limited to, computational thinking, cyber-related, programming, cybersecurity, data science, robotics, and other computer science and cyber-related content, prescribes minimum components of the curriculum at each grade level, provides for teacher training as needed. |
MS S 2284 |
Status: Failed |
Authorizes and directs the Mississippi Department of Education to implement a mandatory K-12 computer science curriculum based on the Mississippi College and Career Readiness Standards for Computer Science which includes instruction in, but not limited to, computational thinking, cyber-related, programming, cybersecurity, data science, robotics, and other computer science and cyber-related content, prescribes minimum components of the curriculum at each grade level. |
MS S 2969 |
Status: Enacted |
Makes an appropriation to defray the expenses of the Department of Finance and Administration, including those related to cybersecurity services and hardware, for the upcoming fiscal year |
MS E.O. 20 |
Creates a Task Force on State Cybersecurity; directs the Task Force to develop recommendations and proposals to identify vulnerabilities of systems, staffing, training and technologies with state agencies. |
Nebraska |
NE L 351 |
Status: Failed--adjourned |
Provides for school district levy and bonding authority for cybersecurity and violence prevention. |
New Hampshire |
NH H 1259 |
Status: Failed--adjourned |
Exempts statewide standards and protocols relative to information technology, networks, telephony and cybersecurity developed by the Department of Information Technology in consultation with the Information Technology Council. |
NH LSR 570 |
Status: Failed--adjourned |
Relates to review and adoption of school data security plans. |
NH LSR 923 |
Status: Failed--adjourned |
Relates to the insurance data security law. |
NH LSR 2812 |
Status: Failed--adjourned |
Relates to minimal cybersecurity standards for municipalities. |
NH S 694 |
Status: Failed--adjourned |
Requires the department of information technology to adopt minimum cybersecurity standards for political subdivisions, requires political subdivisions to self report their level of adherence to the standards, makes appropriations to the department of information technology. |
New Jersey |
NJ A 442 |
Status: Pending |
Requires public institutions of higher education to establish plans concerning cybersecurity and prevention of cyberattacks. |
NJ A 1378 |
Status: Pending |
Directs New Jersey Cybersecurity and Communications Integration Cell to develop cybersecurity prevention best practices and awareness materials for consumers in this state. |
NJ A 1396 |
Status: Pending |
Concerns information security standards and guidelines for state and local government. |
NJ A 1654 |
Status: Pending |
Requires state, county and municipal employees and certain state contractors to complete cybersecurity awareness training. |
NJ A 2083 |
Status: Pending |
Establishes the crime of cyber interference, defined as tampering or interfering with any software, computer, cellphone or any other electronic device, with the purpose to harass another. |
NJ A 2852 |
Status: Pending |
Directs state Cybersecurity and Communications Integration Cell, Office of Information Technology, and state Big Data Alliance to develop advanced cyber-infrastructure strategic plan. |
NJ A 3684 |
Status: Pending |
Requires state employees to receive best cybersecurity practices. |
NJ A 3834 |
Status: Pending |
Concerns debarment of contractors for conviction of certain computer-related crimes. |
NJ AJR 40 |
Status: Pending |
Urges secretary of state to assure legislature and public that State's electoral system is protected from foreign computer hackers. |
NJ AJR 66 |
Status: Pending |
Establishes Technology Task Force. |
NJ AJR 153 |
Status: Pending |
Designates October of each year as Cyber Security Awareness Month. |
NJ S 343 |
Status: Pending |
Directs the state Cybersecurity and Communications Integration Cell, Office of Information Technology, and the state Big Data Alliance to develop an advanced cyber-infrastructure strategic plan. |
NJ S 647 |
Status: Pending |
Revises cybersecurity, asset management, and related reporting requirements in "Water Quality Accountability Act." |
NJ S 1233 |
Status: Pending |
Requires certain persons and business entities to maintain comprehensive information security program. |
NJ S 2155 |
Status: Pending |
Requires Economic Development Authority to establish program offering low interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure. |
New Mexico |
NM H 2 |
Status: Enacted |
Makes general appropriations and authorizing expenditures by state agencies required by law. |
NM SJM 7 |
Status: Failed—Adjourned |
Relates to study school cybersecurity issues. |
New York |
NY A 291 |
Status: Pending |
Directs the commissioner of the division of homeland security and emergency services to work with other experts who maintain experience and knowledge in the area of cybersecurity to develop a cybersecurity action plan for New York state. |
NY A 465 |
Status: Pending |
Enacts the Personal Information Protection Act, establishes a personal information bill of rights requiring parties having custody of residents personal identifying information to ensure the security thereof, provides for the approval of programs to secure personal identifying information by the office of information security, requires the notification of the division of state police and the subjects of information upon the breach of such information.. |
NY A 914 |
Status: Pending |
Amends the Penal Law, relates to creating the crime of cyberterrorism and calculating damages caused by computer tampering, provides that cyberterrorism shall be a class B felony. |
NY A 1185 |
Status: Pending |
Amends the Insurance Law, authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self-certified and approved by the superintendent. |
NY A 1351 |
Status: Pending |
Directs the state board of elections to study and evaluate the use of blockchain technology to protect voter records and election results. |
NY A 1729 |
Status: Pending |
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state. |
NY A 2124 |
Status: Pending |
Creates specific computer crimes as well as increasing penalties for crimes committed with the aid of a computer, provides for civil relief in cases of pornography on the internet, and penal sanctions in such cases. |
NY A 2229 |
Status: Pending |
Requires manufacturers of connected devices to equip such devices with reasonable security features. |
NY A 4884 |
Status: Pending |
Relates to creating the Modernized Voter Registration Act of New York, modernizes voter registration, promotes access to voting for individuals with disabilities, protects the ability of individuals to exercise the right to vote in elections for local and state office, makes an appropriation therefor. |
NY A 6514 |
Status: Pending |
Establishes the offenses of phishing in the third degree, phishing in the second degree and phishing in the first degree, relates to the time in which prosecution of such offenses must be commenced. |
NY A 7682 |
Status: Pending |
Relates to critical utility infrastructure security and responsibility, relates to the protection of critical infrastructure in the state, provides that an electric or gas corporation or municipality shall not share, disclose or otherwise provide access to a customer's electrical or gas consumption data. |
NY A 7913 |
Status: Pending |
Removes the economic harm requirement from the felony commercial bribery statutes, expands the crime of larceny to include theft of personal identifying information, computer data, computer programs, and services, to adapt to modern technological realities, provides state jurisdiction and county venue over cases involving larceny of personal identifying information, computer data, and computer programs, where the victim is located in the state or the county. |
NY A 8776 |
Status: Pending |
Amends the Military Law, establishes civilian cybersecurity reserve forces within the state militia to be capable of being expanded and trained to educate and protect state, county and local government entities, critical infrastructure, including election systems, businesses and citizens of the state from cyberattacks. |
NY S 229 |
Status: Pending |
Amends the Penal Law, relates to computer tampering. |
NY S 394 |
Status: Pending |
Amends the Penal Law, elevates all computer tampering offenses by one degree in severity. |
NY S 2475 |
Status: Pending |
Relates to computer-related crimes. |
NY S 3172 |
Status: Pending |
Establishes the offenses of phishing in the third degree, phishing in the second degree and phishing in the first degree, relates to the time in which prosecution of such offenses must be commenced. |
NY S 3625 |
Status: Pending |
Amends the Insurance Law, promotes competitive property and casualty insurance markets for business to business insurance transactions. |
NY S 3973 |
Status: Pending |
Requires manufacturers of connected devices to equip such devices with reasonable security features. |
NY S 4273 |
Status: Pending |
Amends the Penal Law, relates to creating the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony. |
NY S 4444 |
Status: Pending |
Establishes the computer security act, addressing the widespread problem of spyware, makes it illegal for third parties to knowingly and deceptively cause computer software to be copied onto personal computers that changes the computer users settings without permission, prevents users from resetting computers to the original preferences or removing third-party software, secretly collects information about internet searches, disables the computers security software or causes related disruptive activities. |
NY S 4744 |
Status: Pending |
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state. |
NY S 5222 |
Status: Pending |
Removes the specified amount economic harm requirement from the felony commercial bribery statutes, expands the crime of larceny to include theft of personal identifying information, computer data, computer programs, and services, to adapt to modern technological realities, provides state jurisdiction and county venue over cases involving larceny of personal identifying information, computer data, and computer programs, where the victim is located in the state or the county. |
NY S 5449 |
Status: Pending |
Establishes the Ethical Standards for State Agency Contractors Act, prohibits a contractor from organizational conflicts of interest with respect to such state agency contract, prohibits contractors' employees from taking any action that would constitute a personal conflict of interest, provides for nondisclosure agreements, provides reporting requirements and imposes consequences for violations. |
NY S 6036 |
Status: Pending |
Directs the state board of elections to study and evaluate the use of blockchain technology to protect voter records and election results. |
NY S 6195 |
Status: Pending |
Relates to critical utility infrastructure security and responsibility, relates to the protection of critical infrastructure in the state, provides that an electric or gas corporation or municipality shall not share, disclose or otherwise provide access to a customer's electrical or gas consumption data. |
NY S 6822 |
Status: Pending |
Amends the Military Law, establishes civilian cybersecurity reserve forces within the state militia to be capable of being expanded and trained to educate and protect state, county, and local government entities, critical infrastructure, including election systems, businesses, and citizens of the state from cyber attacks. |
NY S 7001 |
Status: Pending |
Requires the department of education to provide annual notifications to school districts to combat cybercrime. |
NY S 7003 |
Status: Pending |
Establishes the school district cybercrime prevention services program to provide school districts with information on strategies, best practices and programs offering training and assistance in the prevention of cybercrimes in school districts or otherwise affecting school districts, provides that information on eligibility and applications for financial assistance be made available to school districts. |
NY S 7246 |
Status: Pending |
Creates a cybersecurity enhancement fund to be used for the purpose of upgrading cybersecurity in local governments, including but not limited to, villages, towns and cities with a population of one million or less and restricts the use of taxpayer money in paying ransoms in response to ransomware attacks. |
NY S 7289 |
Status: Pending |
Prohibits any municipal corporation or other government entity from paying ransom in the event of a cyber-attack against such municipal corporation's or government entity's critical infrastructure. |
NY S 7584 |
Status: Pending |
Prohibits the procurement of telecommunications equipment or services which originate from certain Chinese entities and allows for the Department of Homeland Security and Emergency Services in consultation with the secretary of state to add additional prohibitions. |
NY S 8184 |
Status: Pending |
Establishes tiers of essential employees during a state of emergency and designates categories of employees in each tier. |
North Carolina |
NC H 911 |
Status: Failed--adjourned |
Directs the Department of Information Technology to study and assess the threat of foreign technologies in state-owned computer systems. |
NC H 1043 |
Status: Enacted |
Provides aid to people of the state in response to the coronavirus disease 2019 (covid-19) crisis, including funding for Department of Public Instruction, in response to COVID-19, to (i) establish a statewide shared cybersecurity infrastructure to protect school business systems and minimize instructional disruption and (ii) for district monitoring and support in consultation with the School Connectivity Initiative. |
NC S 212 |
Status: Enacted |
Funds and establishes establishes pilot programs, including a cybersecurity pilot program to establish and utilize public-private partnerships to provide cybersecurity support services from participating vendors to eligible counties. Projects and services shall be integrated with existing state cybersecurity infrastructure and shall share all resulting data with the state. |
NC S 284 |
Status: Failed--adjourned |
Creates a pilot program to establish public private partnerships that will assist certain counties with cybersecurityresources; creates a pilot program within the Department of Information Technology to enhance program management capabilities within the agency; establishes a grant program at the Department to encourage the expansion of satellite based broadband service to unserved portions of the state; streamlines the preparation and finalization of new leases and lease renewals on state property. |
Ohio |
OH H 368 |
Status: Pending |
Enacts the Computer Crimes Act. |
Oklahoma |
OK H 2146 |
Status: Failed--adjourned |
Creates a credit against income tax for qualified software or cybersecurity employees. |
OK H 3192 |
Status: Failed--adjourned |
Relates to revenue and taxation, relates to an income tax credit with respect to certain software or cybersecurity employees, modifies definitions, modifies references, modifies provisions related to qualifying employers and qualified employees, provides an effective date, declares an emergency. |
OK H 3274 |
Status: Failed--adjourned |
Relates to cities and towns, relates to Oklahoma Municipal Power Authority, provides certain exemptions, provides an effective date. |
OK S 746 |
Status: Failed--adjourned |
Relates to income tax credits, establishes tax credits for certain software or cybersecurity employees, provides a specified amount for the credit, imposes a maximum number of taxable years for which the credit may be claimed, prohibits the use of the credit to reduce tax liability below a certain amount, provides for certain qualified employers to make application to the State Tax Commission. |
OK S 1204 |
Status: Enacted |
Relates to income tax, relates to income tax credit for qualifying software or cybersecurity employees, modifies definition, eliminates specific authority for participation in certain program and related requirements, updates statutory references, provides an effective date, declares an emergency. |
OK S 1842 |
Status: Failed--adjourned |
Relates to the Oklahoma Municipal Power Authority, relates to the Open Meetings Act, authorizes the authority to hold executive sessions for specified purposes, relates to the Oklahoma Open Records Act, authorizes the authority to keep certain records confidential, relates to the Information Technology Consolidation and Coordination Act, modifies definition, provides an effective date. |
OK S 1919 |
Status: Failed--adjourned |
Relates to insurance, creates the Insurance Data Security Act, defines terms, requires licensed insurers to develop and maintain a comprehensive information security program based on certain factors, provides objectives of security program, requires licensee to conduct certain assessment of risk factors and ensure sufficiency of safeguarding data policies and procedures, requires use of data from assessment to determine design of information security program and necessary security measures. |
Pennsylvania |
PA H 140 |
Status: Failed--adjourned |
Provides appropriations from the General Fund for the expenses of the Executive, Legislative and Judicial Departments of the Commonwealth, the public debt and the public schools for the fiscal year July 1, 2019, to June 30, 2020, and for the payment of bills incurred and remaining unpaid at the close of the fiscal year ending June 30, 2019, provides appropriations from special funds and accounts to the Executive and Judicial departments. |
PA H 225 |
Status: Failed--adjourned |
Amends the act, known as The Administrative Code of 1929, in organization of departmental administrative boards and commissions and of advisory boards and commissions, provides for Cybersecurity Innovation Commission. |
PA H 2009 |
Status: Failed--adjourned |
Provides for the Cybersecurity Coordination Board to collect, study and share information about data privacy and cybersecurity issues and initiatives with respect to developing uniform cybersecurity techniques, standards, policies, procedures and best practices. |
PA H 2387 |
Status: Enacted |
Provides appropriations from the General Fund for the expenses of the Executive, Legislative and Judicial Departments of the Commonwealth, the public debt and the public schools, and for the payment of Bills incurred and remaining unpaid at the close of the fiscal year. |
PA H 2567 |
Status: Failed--adjourned |
Establishes the Office of Information Technology and the Information Technology Fund; provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee; imposes duties on the Office of Information Technology; provides for administration of the Statewide Radio Network and imposes penalties. |
PA S 487 |
Status: Failed--adjourned |
Amends the act of Dec. 22, 2005, known as the Breach of Personal Information Notification Act, provides for title of act, for definitions and for notification of breach, prohibits employees of the Commonwealth from using nonsecured Internet connections, provides for Commonwealth policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996. |
PA S 810 |
Status: Failed--adjourned |
Relates to boards and offices, provides for information technology, establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee, imposes duties on the Office of Information Technology, provides for the administration of the Statewide Radio Network, imposes penalties. |
PA S 487 |
Status: Failed--adjourned |
Amends the act of December 22, 2005, known as the Breach of Personal Information Notification Act, provides for title of act, for definitions and for notification of breach, prohibits employees of the Commonwealth from using nonsecured Internet connections, provides for Commonwealth policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996. |
PA S 613 |
Status: Vetoed |
Amends the Administrative Code, reenacts provisions relating to criminal history background checks of employees and contractors with access to federal tax information, provides for the coronavirus emergency mitigation plan for businesses. |
Rhode Island |
RI H 7723 |
Status: Pending |
Regulates data brokers, provides that data brokers would be required to annually register, provide substantive notifications to consumers, and adopt comprehensive data security programs. |
RI H 7771 |
Status: Pending |
Adopts the National Association of Insurance Commissioners Cybersecurity Act which establishes the current standard for insurers doing business in this state. |
RI H 7954 |
Status: Pending |
Creates an Election Systems Cybersecurity Review Board to provide a security analysis of the elections systems and facilities, creates a Cybersecurity Incident Response Group to establish protocols and policy planning for cybersecurity threats at any state agency. |
RI S 2030 |
Status: Pending |
Establishes that manufacturers of devices capable of connecting to the internet equip the devices with reasonable security features. |
RI S 2618 |
Status: Pending |
Adopts the National Association of Insurance Commissioners Cybersecurity Act which establishes the current standard for insurers doing business in this state. |
RI S 2844 |
Status: Pending |
Creates an elections systems cybersecurity review board to provide a security analyses of the elections systems and facilities and would create a cybersecurity incident response group to establish protocols and policy planning for cybersecurity threats at any state agency. |
South Carolina |
SC H 3585 |
Status: Failed--adjourned |
Clarifies that certain individuals are authorized to adjust food spoilage claims without an adjuster's license, requires a long term care insurance provider to submit all premium rate schedules to the Department of Insurance and to establish certain procedures concerning the premium approval process, relates to the duties of the director of the Department of Insurance, alters public hearing requirements, relates to insurance premium taxes, excludes certain factors from the total premium computation. |
SC H 4293 |
Status: Failed--adjourned |
Establishes the state Election Security Council, provides for the council's composition, duties, powers and responsibilities, provides that after the effective date of this act, all voting systems used in the state shall utilize a paper-based system using paper ballots tabulated by optical scanners as the ballot of record, requires the General Assembly to appropriate the funds necessary to purchase the voting systems required by this section. |
SC S 374 |
Status: Failed--adjourned |
Establishes the state Election Security Council, provides for the council's composition, duties, powers and responsibilities, provides that after the effective date of this act all voting systems used in the state shall utilize a paper-based system using paper ballots tabulated by optical scanners as the ballot of record, requires the general assembly to appropriate the funds necessary to purchase the voting systems required by this section. |
South Dakota |
SD H 1044 |
Status: Enacted |
Makes an appropriation to the Board of Regents to fund the development of the Cyber Incubator and Entrepreneurial Center at Dakota State University, declares an emergency. |
Tennessee |
TN HR 249 |
Status: Failed--adjourned |
Directs the Tennessee Department of Financial Institutions to conduct a study relative to the application of blockchain and related technology in the financial services sector and to recommend any changes to the laws and rules of this State that impact the application of those technologies in this state. |
Utah |
UT H 41 |
Status: Enacted |
Addresses water policies of the state, outlines the water policies of the state, encourages state agencies to follow the state policy, addresses suits referencing the state policy, requires an annual review of the policy. |
UT H 158 |
Status: Failed |
Creates affirmative defenses to causes of action arising out a data breach involving personal information, restricted information, or both personal information and restricted information, provides that an entity may not claim an affirmative defense if the entity had notice of a threat or hazard, establishes the requirements for asserting an affirmative defense, provides a severability clause. |
Virginia |
VA H 322 |
Status: Pending—Carryover |
Relates to Virginia Information Technologies Agency, relates to Cybersecurity Advisory Council created, relates to report, creates the Cybersecurity Advisory Council to assist the chief Information officer (CIO) of the Virginia Information Technologies Agency with the development of policies, standards and guidelines for assessing security risks, determining appropriate security measures, and performing security audits of government electronic information, provides that make recommendations to the CIO. |
VA H 524 |
Status: Failed |
Relates to the register of volunteer cybersecurity and information technology professionals, directs the secretary of administration to establish a register of cybersecurity and information technology professionals interested in volunteering to assist localities and school divisions, in collaborating on workforce development, and in providing mentorship opportunities. |
VA H 852 |
Status: Enacted |
Relates to the Information Technologies Agency, requires the chief information officer of the Information Technologies Agency to develop and annually update a curriculum and materials for training all state employees in information security awareness and in proper procedures for detecting, assessing, reporting, and addressing information security threats. |
VA H 957 |
Status: Failed |
Relates to Virginia Cyber Initiative Act, directs the Virginia Information Technologies Agency to work with public and private institutions of higher education, state agencies, and businesses in the Commonwealth to develop a cyber alliance, to be known as the Virginia Cyber Initiative, to reduce cyber risks and encourage economic development in the cybersecurity field. |
VA H 1082 |
Status: Enacted |
Relates to Emergency Services and Disaster Law, relates to definition of disaster, relates to incidents involving cyber systems, defines cyber incident for purposes of the Emergency Services and Disaster Law as an event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems. |
VA H 1334 |
Status: Enacted |
Establishes standards for insurance data security, for the investigation of a cybersecurity event, and for the notification to the commissioner of Insurance and affected consumers of a cybersecurity event, requires insurers to develop, implement, and maintain a comprehensive written information security program based on an assessment of its risk that contains administrative, technical, and physical safeguards. |
VA HJR 23 |
Status: Failed |
Relates to study; relates to Department of Elections; relates to use of blockchain technology to protect voter records and election results; relates to report; requests the Department of Elections to conduct a study to determine the kinds of blockchain technology that could be used to secure voter records and election results, determine the costs and benefits of using such technology as compared to traditional registration and election security measures, and make recommendations. |
VA HJR 64 |
Status: Adopted |
Requests the Information Technologies Agency to study the Commonwealth's susceptibility, preparedness, and ability to respond to ransomware attacks, provides that in conducting its study, the agency shall assess the Commonwealth's susceptibility to ransomware attacks at the state and local levels of government. |
VA S 378 |
Status: Enacted |
Relates to computer trespass, relates to penalty, expands the crime of computer trespass to provide that the prohibited actions that constitute computer trespass are criminalized if done through intentionally deceptive means and without authority, specifies that a computer hardware or software provider, an interactive computer service, or a telecommunications or cable operator does not have to provide notice of its activities to a computer user that a reasonable computer user should expect may occur. |
VA S 641 |
Status: Pending—Carryover |
Relates to civil action, relates to sale of personal data, requires a person that disseminates, obtains, maintains, or collects personal data about a consumer for a fee to implement security practices to protect the confidentiality of a consumer's personal data, obtain express consent of a parent of a minor before selling the personal data of such minor, provide access to consumers to their own personal data that is held by the entity, and refrain from maintaining or selling data. |
VA S 1003 |
Status: Enacted |
Relates to computer crimes, relates to penalty, provides that it is a Class 1 misdemeanor for a person to maliciously use an Internet-capable computer as part of a hoax to cause another person to expend monetary funds that would not have been expended if not for the hoax if the person using such computer knew or should have known that the funds would be expended, provides that it is not a defense that the defendant did not receive any direct or indirect benefit from the hoax. |
Vermont |
VT H 157 |
Status: Failed--adjourned |
Relates to adopting minimum security standards for connected devices. |
VT H 692 |
Status: Failed--adjourned |
Relates to providing mandatory cybersecurity awareness training to municipal employees. |
VT H 895 |
Status: Failed--adjourned |
Relates to creating an Information Technology Development Initiative. |
VT H 966 |
Status: Enacted |
Provides funding for the Agency of Digital Services to fund efforts to mitigate cybersecurity risks posed by state employees working from home as a result of the COVID-19 pandemic. |
VT S 304 |
Status: Failed--adjourned |
Relates to an Interbranch Cybersecurity Task Force. |
Washington |
WA H 1251 |
Status: Enacted |
Concerns security breaches of election systems or election data including by foreign entities. |
WA H 1840 |
Status: Failed--adjourned |
Concerns the removal of payment credentials and other sensitive data from state data networks. |
WA H 2111 |
Status: Failed--adjourned |
Concerns enhancing cybersecurity by eliminating the return of ballots by fax and email. |
WA H 2293 |
Status: Failed--adjourned |
Exempts election security information from public records disclosure. |
WA H 2325 |
Status: Failed--adjourned |
Makes current fiscal biennium supplemental operating appropriations. |
WA H 2647 |
Status: Failed--adjourned |
Concerns election security. |
WA H 2663 |
Status: Failed--adjourned |
Concerns maximum salaries for skill center certificated instructional staff training students to work in skill center identified high-demand fields, including as veterinary technicians, nursing or medical assistants, or cybersecurity specialists. |
WA S 5153 |
Status: Failed--adjourned |
Makes 2019-2021 biennium operating appropriations. |
WA S 6285 |
Status: Failed--adjourned |
Exempts election security information from public records disclosure. |
WA S 6412 |
Status: Failed--adjourned |
Concerns election security. |
Wisconsin |
WI A 819 |
Status: Failed |
Imposes requirements related to insurance data cybersecurity, grants rulemaking authority. |
WI S 784 |
Status: Failed |
Imposes requirements related to insurance data cybersecurity, grants rulemaking authority. |
West Virginia |
WV S 261 |
Status: Enacted |
Creates criminal penalties for introducing ransomware into computer with intent to extort. |
District of Columbia |
DC B 612 |
Status: Pending |
(Introduced) Amends the Office of the Chief Technology Officer Establishment Act to strengthen the district government's cybersecurity posture, amends the Technology Services Support Act to rename the DC NET Services Support Fund and modify the purposes for which money in that hind may be expended to respond to the demand within the District government for innovative technologies. |
Puerto Rico |
PR H 92 |
Status: Failed |
Creates the Investigative Cyber Crimes Unit under the Department of Justice which will be in charge of investigating and prosecuting serious and less serious crimes and/or misdemeanors related to the right to privacy, ownership, identity and security in commercial transactions, when committed using electronic means, such as the Internet and the computer. |
PR HR 257 |
Status: Pending—Carryover |
Orders the House Committees on Finance and Public Security to investigate the information systems of the Department of the Treasury, its maintenance and the reasons for a cyber virus that caused on Jan. 6, 2017, the Department of the Treasury to raise about $20 million, determines if the information from taxpayers and the government hosted on the servers of the Department of the Treasury was affected as a result of this cyber virus. |
PR HR 367 |
Status: Pending—Carryover |
Orders the House Committee on Public Safety to assess the feasibility of establishing a forensic laboratory in cyber crimes, similar to that of the Immigration and Customs Enforcement, which provides services exclusively to state agencies. |
PR HR 475 |
Status: Pending—Carryover |
Orders the House Committee on Public Safety to research the practices and policies of cybersecurity and of the executive departments and agencies of the Government, with urgency in the Department of the Treasury, the State Department and Department of Public Safety. |