Alaska
|
AK H.B. 3
|
Status: Pending--carryover
|
Relates to the definition of disaster.
|
Alabama
|
AL S.B. 165
|
Status: Failed--adjourned
|
Public records, Alabama Public Records Act created, method of request for public records and manner of appeal, established, Office of Public Access Counselor, established, Sections 36-12-40, 36-12-41 repealed.
|
AL SJR 124
|
Status: Enacted
|
Recognizes Cybersecurity Awareness Month in October 2021.
|
Arizona
|
AZ S.B. 1159
|
Status: Failed--adjourned
|
Relates to technical correction, relates to electromagnetic pulse preparedness.
|
Arkansas
|
AR H.B. 1110
|
Status: Enacted
|
Requires a state entity to report a security incident to the Legislative Auditor.
|
AR S.B. 149
|
Status: Enacted
|
Amends the Fair Mortgage Lending Act. Provides that a mortgage broker, mortgage banker, or mortgage servicer required to be licensed shall establish, implement, update, and enforce written physical security and cybersecurity policies and procedures reasonably designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information.
|
AR E.O. 12
|
Creates the state Cyber Advisory Council.
|
California
|
CA A.B. 128
|
Status: Enacted
|
Makes appropriations for the support of state government for the 2021-22 fiscal year, including $2,000,000 to be used to establish and operate the Office of Elections Cybersecurity. Activities performed by the Office of Elections Cybersecurity are intended to be specific to elections and shall be designed so as to minimize overlap and in coordination with statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. Also appropriates up to $925,000 for the California Cybersecurity Integration Center. Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security. Appropriates $10,000,000 to address deferred maintenance projects that represent critical infrastructure deficiencies.
|
CA A.B. 327
|
Status: Failed (cybersecurity provisions below were amended out)
|
Adds the California Privacy Protection Agency as one of the organizations whose representatives comprise the California Cybersecurity Integration Center. Declares that its provisions further the purposes and intent of the California Privacy Rights Act of 2020.
|
CA A.B. 581
|
Status: Pending
|
Requires all state agencies, as generally defined, to review and implement specified National Institute of Standards and Technology (NIST) guidelines for, among other things, reporting, coordinating, publishing, and receiving information about a security vulnerability relating to information systems and the resolution thereof, no later than July 1, 2022.
|
CA A.B. 809
|
Status: Failed
|
Requires state agencies not covered by the policies and procedures issued by the Office of Information Security within the Department of Technology to adopt and implement information security and privacy policies, standards, and procedures based upon standards issued by the National Institute of Standards and Technology and the Federal Information Processing Standards.
|
CA A.B. 953
|
Status: Failed
|
Requires the Department of Fish and Wildlife to separately track and account for all revenues collected under the above filing fee provision and all costs incurred in its role as a responsible agency or trustee agency under the California Environmental Quality Act.
|
CA A.B. 1352
|
Status: Failed
|
Authorizes the Military Department, at the request of a local educational agency, to perform an independent security assessment of the local educational agency, or an individual schoolsite under its jurisdiction, the cost of which to be funded by the local educational agency, as specified.
|
CA A.B. 1403
|
Status: Vetoed
|
Relates to emergency services. Includes a deenergization event, defined as a planned power outage, as specified, within those conditions constituting a state of emergency and a local emergency.
|
CA S.B. 52
|
Status: Enacted
|
Expands the definition of sudden and severe energy shortage to include a deenergization event, defined as a planned power outage, as specified, and would make a deenergization event one of those conditions constituting a state of emergency and a local emergency.
|
CA S.B. 468
|
Status: Pending
|
Includes an electromagnetic pulse attack among those conditions constituting a state of emergency or local emergency.
|
Colorado
|
CO H.B.1236
|
Status: Enacted
|
Concerns the modification of certain statutory provisions to reflect the current state information technology environment. Provides that the Colorado cybersecurity council may develop a whole-of-state cybersecurity approach for the state and for local governments, including the coordination and setting of strategic statewide cybersecurity goals, roadmaps, and best practices. The council also may review the need to conduct risk assessments of local government systems and providing additional cybersecurity services to local governments.
|
Connecticut
|
CT H.B. 5868
|
Status: Failed
|
Requires an online listing of all cyberattacks or data breaches in the state, establishes a central location that lists all cyberattacks or data breaches in the state.
|
CT H.B. 6161
|
Status: Failed
|
Creates a tax safe harbor for business entities adopting a recognizable best practice cybersecurity plan.
|
CT H.B. 6391
|
Status: Enacted
|
Concerns the Insurance Department's recommendations regarding the general statutes.
|
CT H.B. 6607
|
Status: Enacted
|
Incentivizes the adoption of cybersecurity standards for businesses by allowing businesses that adopt certain cybersecurity framework to plead an affirmative defense to any cause of action that alleges that a failure to implement reasonable cybersecurity controls resulted in a data breach concerning personal or restricted information.
|
CT S.B. 4
|
Status: Failed
|
Requires the Public Utilities Regulatory Authority to apply net neutrality principles to broadband Internet access service providers and enforce such principles with civil penalties, directs the authority to conduct studies on cybersecurity and data privacy laws in the state, extends the crime of stalking in the second degree to certain electronic disclosures of personal identifiable information without consent.
|
CT S.B. 719
|
Status: Failed
|
Establishes a task force to study and develop recommendations concerning protection from, and prevention of, cyber attacks.
|
CT S.B. 720
|
Status: Failed
|
Concerns data privacy, net neutrality, cyber security and fairness in data usage in the new age of a digital workforce, protects the economy and online learning from data breaches and limits on broadband usage.
|
Florida
|
FL H 971
|
Status: Failed
|
Relates to public records, relates to consumer data privacy, provides exemption from public records requirements for information relating to investigations by Department of Legal Affairs and law enforcement agencies of certain data privacy violations, provides for future review and repeal, provides statement of public necessity.
|
FL H.B. 1137
|
Status: Enacted
|
Relates to information technology procurement, requires Department of Management Services (DMS) to establish project management and oversight standards for state agency compliance and perform project oversight on it projects, requires department to issue request for quotes to vendors approved to provide commodities or services, requires Department of Management Services (DMS) to prequalify firms and individuals to provide services on state term contract.
|
FL H.B. 1297
|
Status: Enacted
|
Relates to cybersecurity, requires audit plans of inspector general to include certain information, revises provisions to replace references to it and computer security with references to cybersecurity, provides and revises requirements for Department of Management Services, acting through State Digital Service, creates State Cybersecurity Advisory Council within Department of Management Services, provides purpose of council.
|
FL H.B. 5001
|
Status: Failed
|
Relates to General Appropriations Act, provides moneys for annual period beginning specified date, and ending specified date, and supplemental appropriations for period ending specified date, to pay salaries and other expenses, capital outlay-buildings and other improvements, and for other specified purposes of various agencies of state government.
|
FL S.B. 1448
|
Status: Failed
|
Relates to Information Technology Procurement, requires the Department of Management Services, through the Florida Digital Service, to establish certain project management and oversight standards for state agency compliance, requiring the department to perform project oversight on information technology projects that have total project costs of a certain amount or more.
|
FL S.B. 1900
|
Status: Failed
|
Relates to cybersecurity, requires certain audit plans of an inspector general to include certain information, revises provisions to replace references to information technology security and computer security with references to cybersecurity, provides that certain employees shall be assigned to selected exempt service, creates the Florida Cybersecurity Advisory Council within the Department of Management Services.
|
FL S.B. 7064
|
Status: Failed
|
Relates to public records/investigations by the department of legal affairs; provides an exemption from public records requirements for information relating to investigations by the Department of Legal Affairs and law enforcement agencies of certain data privacy violations; provides for future legislative review and repeal of the exemption; provides a statement of public necessity.
|
FL S.B. 7074
|
Status: Enacted
|
Relates to public records or social media platform activities, provides a public records exemption for information received by the Attorney General pursuant to an investigation by the Attorney General or a law enforcement agency into certain social media platform activities, provides a public records exemption for information received by the Department of Legal Affairs pursuant to an investigation by the department.
|
Georgia
|
GA H.B. 134
|
Status: Enacted
|
Relates to open and public meetings, so as to exclude meetings relating to cybersecurity contracting and planning from open meeting requirements, relates to inspection of public records, so as to provide an exemption for certain documents relating to cybersecurity plans and systems, provides for related matters, provides for an effective date, repeals conflicting laws.
|
GA H.B. 156
|
Status: Enacted
|
Relates to military, emergency management, and veterans affairs, so as to provide for additional powers and duties related to homeland security and the military, facilitates the sharing of information and reporting of cyber attacks, requires governmental agencies and utilities to report any cyber attacks to the director of emergency management and homeland security, provides for certain reports and records related to cyber attacks to be exempt from public disclosure, relates to workforce development.
|
GA H.B. 159
|
Status: Failed
|
Relates to military, emergency management, and veterans affairs, so as to establish the State Cybersecurity Review Board, provides for membership and duties of the board, provides for definitions, requires the board, in conjunction with the Georgia Technology Authority, to establish cybersecurity training for employees of all state agencies, provides for adverse employment action if such training is not completed.
|
GA H.B. 260
|
Status: Failed
|
Relates to selling and other trade practices, so as to provide for legislative findings, provides standards for cybersecurity programs to protect businesses from liability, provides for affirmative defenses for data breaches of private information, provides for related matters, provides for an effective date, repeals conflicting laws.
|
GA S.B. 52
|
Status: Failed
|
Relates to selling and other trade practices, so as to provide for legislative findings, provides standards for cybersecurity programs to protect businesses from liability, provides for affirmative defenses for data breaches of private information, provides for related matters, provides for an effective date, repeals conflicting laws.
|
Hawaii
|
HI H.B. 454
|
Status: Failed
|
Establishes an income tax credit for investment in qualified businesses that develop cybersecurity and artificial intelligence.
|
HI H.B. 739
|
Status: Failed
|
Requires manufacturers of connected devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices.
|
HI H.B. 946
|
Status: Failed
|
(Governor Bill Package) Adopts the national conference of insurance commissioners' insurance data security model law to establish insurance data security standards for state insurance licensees.
|
HI H.B. 957
|
Status: Failed
|
(Governor Bill Package) Establishes the Hawaii state fusion center as a program under the office of homeland security as described in chapter 128a, Hawaii Revised Statutes, establishes the position of Hawaii state fusion center director.
|
HI S.B. 1002
|
Status: Failed
|
Requires manufacturers of connected devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices.
|
HI S.B. 1100
|
Status: Enacted
|
(Governor Bill Package) Enacts the National Association of Insurance Commissioners' Insurance Data Security Model Law to establish insurance data security standards for Hawaii insurance licensees.
|
HI S.B. 1111
|
Status: Failed
|
(Governor Bill Package) Establishes the state fusion center as a program under the Office of Homeland Security, establishes the position of state state fusion center director who shall be state funded responsible to the Director of Homeland Security and accountable to manage the operations of the center.
|
Iowa
|
IA D 1335
|
Status: Failed
|
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the commissioner of insurance, makes penalties applicable, includes effective date provisions.
|
IA H.B. 719
|
Status: Enacted
|
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.
|
IA H.B. 861
|
Status: Enacted
|
Relates to appropriations to the justice system, gambling regulatory fees, and creating a bureau of cyber-crime, establishing a department of corrections survivor benefits fund, and including effective date and retroactive applicability provisions.
|
IA HSB 198
|
Status: Failed
|
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.
|
IA S.B. 553
|
Status: Failed
|
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.
|
IA SSB 1190
|
Status: Failed
|
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.
|
Idaho
|
ID H.B. 147
|
Status: Failed
|
Enacts the Insurance Data Security Act, establishes provisions regarding an information security program, provides for investigation and notice of a cybersecurity event, provides that the director of the department of insurance will have the power to examine and investigate certain matters, provides for confidentiality and sharing of documents, materials, and other information, provides exceptions, provides that the chapter does not create a private cause of action, provides for penalties.
|
Illinois
|
IL H.B. 1588
|
Status: Pending
|
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.
|
IL H.B. 2869
|
Status: Pending
|
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act.
|
IL H.B. 3030
|
Status: Pending
|
Creates the Cybersecurity Compliance Act, creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, prescribes requirements for the cybersecurity program.
|
IL H.B. 3040
|
Status: Pending
|
Creates the Insurance Data Security Act, requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance Laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures.
|
IL H.B. 3204
|
Status: Pending
|
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.
|
IL H.B. 3523
|
Status: Enacted
|
Amends the Emergency Management Agency Act, expands the definition of disaster to include a cyber attack.
|
IL H.B. 3731
|
Status: Pending
|
Amends the Department of Innovation and Technology Act, requires the Department of Innovation and Technology to work to ensure the security of the social media and Internet presence of state elected officials and state agencies and, to the extent possible, reserve the use of State government online accounts, whether social media or email, for use only by state officials, state agencies, and employees thereof, to prevent false personation, provides for the adoption of rules, defines false personation.
|
IL H.B. 4074
|
Status: Pending
|
Creates the Consumers and Climate First Act, provides that it is the policy of the state to transition to 100% clean energy by 2050, amends the Governmental Ethics Act, expands the information required to be provided on a statement of economic interests to include employment by a public utility, amends the Enterprise Zone Act, expands, in provisions relating to High Impact Businesses, the definition of new electric generating facility to include a new utility scale solar power facility.
|
IL H.B. 4152
|
Status: Pending
|
Amends the School Code to require a school district to report a cyber security attack to the State Board of Education as soon as school personnel determine that a breach of the school district's computer system or network has occurred, amends various Acts relating to the governance of public universities and community colleges in Illinois to require a public university or community college district to report a cyber security attack to the Department of Innovation and Technology as soon as school person.
|
IL S.B. 350
|
Status: Pending
|
Amends the Freedom of Information Act, exempts from disclosure risk and vulnerability assessments, security measures, schedules, certifications, and response policies or plans that are designed to detect, defend against, prevent, or respond to potential cyber attacks upon the state's or an election authority's network systems, or records that the disclosure of which would, in any way, constitute a risk to the proper administration of elections or voter registration.
|
IL S.B. 825
|
Status: Enacted
|
Amends the Election Code, relates to cybersecurity, requires each election authority maintaining a website to begin utilizing a .gov website address and a .gov electronic mail address for each employee.
|
IL S.B. 2506
|
Status: Pending
|
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act.
|
IL S.B. 2896
|
Status: Pending
|
Creates the Consumers and Climate First Act, provides that it is the policy of the state to transition to 100% clean energy by 2050, amends the Governmental Ethics Act, expands the information required to be provided on a statement of economic interests to include employment by a public utility, amends the Enterprise Zone Act, expands, in provisions relating to High Impact Businesses, the definition of new electric generating facility to include a new utility scale solar power facility.
|
Indiana
|
IN H.B. 1169
|
Status: Enacted
|
Relates to cybersecurity incidents, requires the office of technology to maintain a repository of cybersecurity incidents, provides that a state agency and a political subdivision shall report any cybersecurity incident to the office without unreasonable delay and not later than two business days after discovery of the cybersecurity incident in a format prescribed by the chief information officer, allows the office of technology to assist a state agency with certain issues concerning information technology.
|
Kansas
|
KS H.B. 2292
|
Status: Failed
|
Creates exemptions in the Open Records Act for cyber security assessments, plans and vulnerabilities.
|
KS H.B. 2390
|
Status: Enacted
|
Makes permanent certain exceptions to the disclosure of public records under the Open Records Act.
|
KS S.B. 250
|
Status: Failed
|
Amends the state Cybersecurity Act, requires security training for all state agencies, provides for certain information to be provided to the Joint Committee on Information Technology.
|
Louisiana
|
LA H.B. 128
|
Status: Enacted
|
Provides relative to the powers and duties of the Cash Management Review Board with respect to financial security and cybersecurity plans and procedures adopted by state agencies, including the assessment and deployment of such plans and procedures.
|
LA H.B. 373
|
Status: Enacted
|
Establishes an exception to public records requirements for certain information by the Secretary of State.
|
LA H.B. 417
|
Status: Failed--adjourned
|
(Constitutional Amendment) Revises Article VII of the Constitution of Louisiana.
|
LA H.B. 508
|
Status: Failed--adjourned
|
Dedicates funds to the State Cybersecurity and Information Technology Fund.
|
LA H.B. 607
|
Status: Enacted
|
Directs the joint legislative committee on technology and cybersecurity to examine and consider potential regulatory structures for network installers and cybersecurity providers operating in the state.
|
LA HCR 108
|
Status: Adopted
|
Directs the Department of Economic Development to study and report on cyber-related issues.
|
LA S.B. 15
|
Status: Enacted
|
Relates to purchase of telecommunication and video equipment or services by all state agencies.
|
Massachusetts
|
MA H.B. 107
|
Status: Pending
|
Regulates privacy and technology in education.
|
MA H.B. 122
|
Status: Pending
|
Relates to cyber procurement insurance.
|
MA H.B. 349
|
Status: Pending
|
Relates to the security of personal financial information.
|
MA H.B. 3132
|
Status: Pending
|
Establishes a task force to study the need for increased cyber security within government agencies.
|
MA H.B. 3133
|
Status: Pending
|
Relates to cybersecurity standards in state contracts or procurements.
|
MA S.B. 55
|
Status: Pending
|
Relates to cyber crime prevention in schools.
|
MA S.B. 2088
|
Status: Pending
|
Establishes a Cybersecurity Control and Review Commission.
|
MA HD 573
|
Status: Pending
|
Ensures cyber security in the Commonwealth.
|
MA HD 582
|
Status: Pending
|
Relates to cybersecurity standards in government procurements.
|
MA HD 2720
|
Status: Pending
|
Relates to cyber procurement insurance.
|
MA SD 399
|
Status: Pending
|
Establishes a Cybersecurity Control and Review Commission.
|
MA SD 2327
|
Status: Pending
|
Relates to cyber crime prevention in schools.
|
MA S.B. 51
|
Status: Pending
|
Creates an office of data protection, cybersecurity, and privacy.
|
Maryland
|
MD H.B. 38
|
Status: Failed--adjourned
|
Relates to the Department of Information Technology.
|
MD H.B. 148
|
Status: Failed--adjourned
|
Relates to the Personal Information Protection Act.
|
MD H.B. 425
|
Status: Enacted
|
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility or a public school, prohibits a person from knowingly possessing certain ransomware with the intent to use the ransomware for purposes of introduction into a computer, network or system of another person, alters and establishes certain penalties, authorizes a victim of a certain offense to bring a civil action for damages against a certain person.
|
MD H.B. 587
|
Status: Failed--adjourned
|
Requires each unit of State government to submit a certain report related to information technology and cybersecurity to the Department of Information Technology on or before a certain date each year, establishes the required contents of certain reports, requires the Department to compile and analyze certain information and report to each unit of State government and the General Assembly certain information and recommendations by a certain date of each year.
|
MD H.B. 717
|
Status: Failed--adjourned
|
Provides for the target per pupil foundation amount in fiscal year 2022, requires each county board of education to use not less than 7% of the target per pupil foundation amount to provide certain technology resources to students, authorizes a local school system, at the end of each fiscal year, to hold unused funds in a special fund to be used in a subsequent fiscal year, requires a county board that allocates certain funding to follow certain information technology security standards.
|
MD H.B. 824
|
Status: Failed--adjourned
|
Requires the State Department of Education, the Behavioral Health Administration within the Maryland Department of Health, the Maryland Center for School Safety, and the Department of Information Technology jointly to develop and publish a cyber safety guide and training course on safe Internet, social media, and technology usage for certain students, parents, and school employees to be implemented beginning in the 2022-2023 school year, requires the guide to be posted on certain websites.
|
MD H.B. 879
|
Status: Failed--adjourned
|
Establishes the Cybersecurity Coordination and Operations Office within the Maryland Emergency Management Agency to help improve statewide cybersecurity readiness and response, requires the Director of MEMA to appoint an Executive Director as head of the Office, requires the Office to be provided with sufficient staff to perform the Office's functions.
|
MD H.B. 1129
|
Status: Failed--adjourned
|
Requires the Department of Information Technology, in coordination with the Maryland Cybersecurity Council, to develop criteria for the certification of certain cybersecurity training programs for use by State and local government employees required to complete cybersecurity training each year, certify at least 20 programs, review and update certain certification standards at certain times, and maintain a list of all certified programs on its website.
|
MD H.B. 1306
|
Status: Failed--adjourned
|
Alters the duties of the Maryland Cybersecurity Council to include monitoring and evaluating certain election security measures and high-speed Internet access in the State, requires the Council to make recommendations concerning any legislative changes considered necessary by the Council to address election security and high-speed Internet access.
|
MD S.B. 49
|
Status: Enacted
|
Relates to cybersecurity. Requires the Secretary of Information Technology to advise and oversee a consistent cybersecurity strategy for certain units of state government. Requires the Secretary to advise and consult with the Legislative and Judicial branches of state government regarding a cybersecurity strategy. Requires the Secretary to develop guidance on consistent cybersecurity strategies for certain political subdivisions of the state.
|
MD S.B. 69
|
Status: Failed--adjourned
|
Relates to the emergency management agency.
|
MD S.B. 112
|
Status: Failed--adjourned
|
Relates to the Personal Information Protection Act.
|
MD S.B. 160
|
Status: Enacted
|
Relates to the Cybersecurity Investment Incentive Tax Credit Program.
|
MD S.B. 231
|
Status: Failed--adjourned
|
Relates to cyber safety guide and training course.
|
MD S.B. 348
|
Status: Failed
|
Relates to information technology.
|
MD S.B. 351
|
Status: Failed--adjourned
|
Relates to protection of information.
|
MD S.B. 623
|
Status: Enacted
|
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility or a public school, prohibits a person from knowingly possessing certain ransomware with the intent to use the ransomware to restrict access by authorized persons and demanding payment to remove the ransomware, authorizes a victim of a certain offense to bring a civil action for damages against a certain person.
|
MD S.B. 734
|
Status: Failed--adjourned
|
Requires the Department of Information Technology to issue certain standards and guidelines for units of State government for the appropriate use and management of certain Internet of Things devices under certain circumstances, requires the Department to review and revise its standards and guidelines at least once every 5 years to ensure that they are at least as comprehensive as the standards and guidelines adopted by the Director of NIST.
|
MD S.B. 770
|
Status: Failed--adjourned
|
Provides for the target per pupil foundation amount in fiscal year 2022, requires each county board of education to use not less than 7% of the target per pupil foundation amount to provide certain technology resources to students, authorizes a local school system, at the end of each fiscal year, to hold unused funds in a special fund to be used in a subsequent fiscal year, requires a county board that allocates certain funding to follow certain information technology security standards.
|
MD S.B. 873
|
Status: Failed--adjourned
|
Requires the Department of Information Technology, in coordination with the Maryland Cybersecurity Council, to develop criteria for the certification of certain cybersecurity training programs for use by State and local government employees required to complete cybersecurity training each year, certify at least 20 programs, review and update certain certification standards at certain times, and maintain a list of all certified programs on its website.
|
MD S.B. 902
|
Status: Failed--adjourned
|
Establishes the Cyber Workforce Program in the Partnership for Workforce Quality Program, provides for the purpose of the Cyber Program, requires the Secretary of Commerce to direct the Cyber Program, requires the Secretary to establish certain criteria and priorities for assistance under the Cyber Program, requires the Secretary to submit a certain report on the operation and performance of the Cyber Program.
|
MD S.B. 917
|
Status: Failed--adjourned
|
Requires each unit of State government and certain local agencies to submit a certain report related to information technology and cybersecurity to the Department of Information Technology on or before September 1 each year, establishes the required contents of certain reports, requires the Department to compile and analyze certain information and report to each unit of State government and the General Assembly certain information and recommendations by December 31 each year.
|
MD S.B. 943
|
Status: Enacted
|
Relates to University of Maryland Strategic Partnership Act of 2016.
|
Maine
|
ME H.B. 17
|
Status: Enacted
|
Enacts the Maine Insurance Data Security Act, establishes standards for information security programs based on ongoing risk assessment for protecting consumers' personal information, establishes requirements for the investigation of and notification to the Superintendent of Insurance regarding cybersecurity events.
|
ME H.B. 672
|
Status: Enacted
|
Protects data privacy and security in elections, proposes to protect data privacy and security in elections.
|
ME LR 114
|
Status: Failed
|
Enacts the Maine Insurance Data Security Act.
|
ME LR 1607
|
Status: Failed
|
Protects data privacy and security in elections.
|
ME S.B. 577 a
|
Status: Enacted
|
Provides allocations for the distribution of state fiscal recovery funds. Provides funding to tackle the highest-risk areas identified by an external program review, including formalizing a business continuity plan for the State's information technology and setting a framework for providing leadership to state agencies in business continuity planning. This one-time funding for cybersecurity will augment the proposed General Fund appropriation request and provide the resources needed to tackle some of the highest-risk areas, including business continuity planning and workforce enhancements. Provides funding to support and maintain the State's cybersecurity program and investments.
|
ME E.O. 3
|
|
Establishes the state of Maine Cybersecurity Advisory Council.
|
Michigan
|
MI H.B. 5036
|
Status: Pending
|
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website to House Communications and Technology Committee.
|
MI S.B. 520
|
Status: Pending
|
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website.
|
MI S.B. 672
|
Status: Pending
|
Provides for an affirmative defense for covered entities with cybersecurity programs under certain circumstances.
|
Minnesota
|
MN H.B. 6
|
Status: Enacted
|
(Special session) Relates to commerce, establishes a biennial budget for Department of Commerce, Public Utilities Commission, and energy activities, modifies various provisions governing insurance, modifies provisions governing collections agencies and debt Buyers, modifies and adds consumer protections, establishes and modifies provisions governing energy, renewable energy, and utility regulation, provides for certain salary increases, makes technical changes, establishes penalties, requires reports, appropriates money.
|
MN S.B. 19
|
Status: Failed--adjourned
|
(Special session)Relates to commerce, establishes a biennial budget for Department of Commerce, Public Utilities Commission, and energy activities, modifies various provisions governing insurance, modifies provisions governing collections agencies and debt Buyers, modifies and adds consumer protections, establishes and modifies provisions governing energy, renewable energy, and utility regulation, provides for certain salary increases, makes technical changes, establishes penalties, requires reports, appropriates money.
|
MN H.B. 66
|
Status: Failed - adjourned
|
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments.
|
MN H.B. 1031
|
Status: Failed
|
Relates to commerce, establishes a biennial budget for Department of Commerce and energy activities, modifies various provisions governing and administered by the Department of Commerce, establishes a prescription drug affordability board and related regulations, modifies various provisions governing insurance.
|
MN H.B. 1913
|
Status: Failed - adjourned
|
Relates to insurance, establishes an Insurance Data Security Law.
|
MN S.B. 972
|
Status: Failed - adjourned
|
Relates to commerce, establishes a biennial budget for Department of Commerce and energy activities, modifies various provisions governing and administered by the Department of Commerce, establishes a prescription drug affordability board and related regulations, modifies various provisions governing insurance, establishes a student loan borrower bill of rights, modifies and adding consumer protections, modifies provisions governing collections agencies and debt buyers.
|
MN S.B. 1174
|
Status: Failed - adjourned
|
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments, proposes coding for new law.
|
MN S.B. 1606
|
Status: Failed
|
Relates to insurance, establishes an Insurance Data Security Law.
|
MN S.B. 1846
|
Status: Failed - adjourned
|
Relates to commerce, modifies various provisions governing or administered by the Department of Commerce, modifies allowance of reinsurance credit, establishes an insurance data security law, makes technical changes.
|
Missouri
|
MO H.B. 1204
|
Status: Failed--adjourned
|
Establishes the Missouri Cybersecurity Commission.
|
MO S.B. 49
|
Status: Enacted
|
Relates to public safety, modifies provisions relating to licensure as a boat dealer, modifies provisions relating to certain vessel registration and fees, adds restrictions for certain vessel anchorage at docks, provides a penalty, establishes the Missouri Cybersecurity Commission within the Department of Public Safety.
|
MO S.B. 674
|
Status: Failed - adjourned
|
Relates to grants to employers for the purpose of enhancing cybersecurity.
|
Mississippi
|
MS H.B. 633
|
Status: Enacted
|
Creates the Mississippi Computer Science and Cyber Education Equality Act, authorizes and directs the Mississippi Department of Education to implement a mandatory k 12 computer science curriculum based on the Mississippi College and Career Readiness Standards for computer science, which includes instruction in, but not limited to, computational thinking, cyber related, programming, cyber security, data science, robotics and other computer science and cyber related content.
|
MS S.B. 2678
|
Status: Failed
|
Creates the Mississippi Computer Science and Cyber Education Equality Act, authorizes and directs the Mississippi Department of Education to implement a mandatory K 12 computer science curriculum based on the state college and career readiness standards for computer science which includes instruction in, but not limited to, computational thinking, computer programming, cyber security, data science, robotics and other computer science and cyber related content.
|
MS E.O. 1
|
|
Creates a Task Force on State Cybersecurity, directs the Task Force to develop recommendations and proposals to identify vulnerabilities of systems, staffing, training and technologies with state agencies.
|
Montana
|
MT H.B. 10
|
Status: Enacted
|
Revises laws related to Information Technology Capital Projects, appropriates money for Information Technology Capital Projects for the biennium ending a specified date, provides for matters relating to the appropriations, provides for a transfer of funds from the general fund to the Long-Range Information Technology Program Account, provides for the development and acquisition of new information technology systems for the specified agencies.
|
MT H.B. 530
|
Status: Enacted
|
Requires the Secretary of State to adopt rules defining and governing election security; requires election security assessments by the Secretary of State and county election administrations; establishes that security assessments are confidential information; establishes reporting requirements; directs the Secretary of State to adopt rules prohibiting certain persons from receiving pecuniary benefits with respect to certain ballot activities; provides for penaltieS.
|
MT H.B. 614
|
Status: Enacted
|
Revises the workforce development provisions of the Health and Economic Livelihood Partnership act, establishes allowable uses of workforce development funding, requires contracting for training and education programs, extends rulemaking authority.
|
MT E.O. 13
|
|
Continues the Montana Information Security Advisory Council.
|
Nevada
|
NV BDR 63
|
Status: Failed--adjourned
|
Revises provisions relating to cyber security.
|
New Hampshire
|
NH H.B. 137
|
Status: Failed
|
Exempts certain statewide standards and protocols relative to information technology, networks, telephony, and cyber security developed by the department of information technology from a specified rulemaking.
|
NH H.B. 425
|
Status: Enacted
|
Establishes certain technical committees and a cybersecurity advisory committee in the Department of Information Technology.
|
NH H.B. 487
|
Status: Failed
|
Establishes an information technology supply chain risk authority.
|
NH H.B. 1277
|
Status: Enacted
|
Defines cybersecurity incident and requires that political subdivisions report such incidents to the department of information technology.
|
NH LSR 546
|
Status: Pending
|
Establishes the position of chief information security officer and deputy chief information security officer in the department of information technology.
|
NH LSR 643
|
Status: Failed
|
Relates to cyber security incident reporting and recommended cyber security standards for political subdivisions.
|
New Jersey
|
NJ A.B. 442
|
Status: Pending
|
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.
|
NJ A.B. 1378
|
Status: Pending
|
Directs New Jersey Cyber security and Communications Integration Cell to develop cyber security prevention best practices and awareness materials for consumers in this state.
|
NJ A.B. 1396
|
Status: Pending
|
Concerns information security standards and guidelines for state and local government.
|
NJ A.B. 1654
|
Status: Pending
|
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.
|
NJ A.B. 2083
|
Status: Pending
|
Establishes the crime of cyber interference, defined as tampering or interfering with any software, computer, cell phone, or any other electronic device, with the purpose to harass another.
|
NJ A.B. 2852
|
Status: Pending
|
Directs state Cybersecurity and Communications Integration Cell, Office of Information Technology, and state Big Data Alliance to develop advanced cyberinfrastucture strategic plan.
|
NJ A.B. 3308
|
Status: Pending
|
Clarifies the crime of unlawful access concerning certain password protected communications in electronic storage.
|
NJ A.B. 3684
|
Status: Pending
|
Requires state employees to receive best cybersecurity practices.
|
NJ A.B. 3834
|
Status: Pending
|
Concerns debarment of contractors for conviction of certain computer-related crimes.
|
NJ A.B. 3984
|
Status: Pending
|
Creates affirmative defense for certain breaches of security.
|
NJ A.B. 4825
|
Status: Pending
|
Revises cybersecurity, asset management, and related reporting requirements in Water Quality Accountability Act.
|
NJ A.B. 6018
|
Status: Pending
|
Requires each principal department in Executive Branch and each State college to conduct review of department's or college's cybersecurity infrastructure and make recommendations.
|
NJ A.B. 6098
|
Status: Pending
|
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents.
|
NJ A.B. 6101
|
Status: Pending
|
Establishes cybersecurity employment grant program for qualified businesses.
|
NJ A.B. 6102
|
Status: Pending
|
Requires businesses in financial, essential infrastructure, and health care industries to develop cybersecurity plans.
|
NJ A.B. 6103
|
Status: Pending
|
Requires instruction on cybersecurity in grades nine through 12, requires Office of Secretary of Higher Education to develop cybersecurity model curricula, establishes loan redemption programs for individuals in certain cybersecurity occupations.
|
NJ A.B. 6104
|
Status: Pending
|
Requires municipalities, counties, and school districts to report cybersecurity incidents.
|
NJ A.B. 6178
|
Status: Pending
|
Requires public agencies report cybersecurity incidents to New Jersey Office of Homeland Security and Preparedness.
|
NJ AJR 40
|
Status: Pending
|
Urges Secretary of State to assure Legislature and public that State's electoral system is protected from foreign computer hackers.
|
NJ AJR 66
|
Status: Pending
|
Establishes Technology Task Force.
|
NJ AJR 153
|
Status: Pending
|
Designates October of each year as Cyber Security Awareness Month.
|
NJ AJR 248
|
Status: Pending
|
Establishes state Cybersecurity Task Force.
|
NJ S.B. 343
|
Status: Pending
|
Directs the state Cybersecurity and Communications Integration Cell, Office of Information Technology, and the state Big Data Alliance to develop an advanced cyberinfrastucture strategic plan.
|
NJ S.B. 647
|
Status: Enacted
|
Revises cybersecurity, asset management, and related reporting requirements in Water Quality Accountability Act.
|
NJ S.B. 1233
|
Status: Pending
|
Requires certain persons and business entities to maintain comprehensive information security program.
|
NJ S.B. 1619
|
Status: Pending
|
Clarifies crime of unlawful access concerning certain password protected communications in electronic storage.
|
NJ S.B. 2155
|
Status: Pending
|
Requires Economic Development Authority to establish program offering low interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure.
|
NJ S.B. 3062
|
Status: Pending
|
Creates affirmative defense for certain breaches of security.
|
NJ S.B. 3325
|
Status: Pending
|
Establishes the New Jersey Information Technology Commission.
|
NJ S.B. 3897
|
Status: Pending
|
Requires each principal department in Executive Branch and each State college to conduct review of department's or college's cybersecurity infrastructure and make recommendations.
|
NJ S.B. 4035
|
Status: Pending
|
Requires businesses in financial, essential infrastructure, and health care industries to develop cybersecurity plans.
|
NJ S.B. 4036
|
Status: Pending
|
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents.
|
NJ S.B. 4037
|
Status: Pending
|
Requires municipalities, counties, and school districts to report cybersecurity incidents.
|
NJ S.B. 4038
|
Status: Pending
|
Establishes cybersecurity employment grant program for qualified businesses.
|
NJ S.B. 4039
|
Status: Pending
|
Requires instruction on cybersecurity in grades nine through 12, requires Office of Secretary of Higher Education to develop cybersecurity model curricula, establishes loan redemption programs for individuals in certain cybersecurity occupations.
|
NJ S.B. 4278
|
Status: Pending
|
Requires public agencies report cybersecurity incidents to State Office of Homeland Security and Preparedness.
|
NJ SJR 127
|
Status: Pending
|
Establishes State Cybersecurity Task Force.
|
New Mexico
|
NM H.B. 70
|
Status: Failed--adjourned
|
Relates to domestic terrorism, defines "denial of service attack", defines "school", "community center", "place of worship" and "public accommodation", creates the crimes of terrorism, cyberterrorism, possessing a terroristic weapon and making a terroristic threat, provides penalties, provides for concurrent jurisdiction of crimes under the antiterrorism act, requires information sharing and reporting.
|
New York
|
NY A.B. 535
|
Status: Pending
|
Enacts the New York Grid Modernization Act to address the aging infrastructure, establishes the grid modernization program, defines terms, creates the smart grid advisory council, makes related changes. Provides for cyber security systems to protect customer financial information and data relating to personal electrical usage.
|
NY A.B. 749
|
Status: Pending
|
Authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self-certified and approved by the superintendent.
|
NY A.B. 3847
|
Status: Pending
|
Establishes the crime of disruption of an online public meeting when a person with intent to cause public inconvenience, annoyance or alarm, without lawful authority, and acting through a computer service, he or she disturbs any lawful assembly or meeting of persons open to the public conducted through a computer service, makes such crime a class B misdemeanor.
|
NY A.B. 3900
|
Status: Pending
|
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state.
|
NY A.B. 4490
|
Status: Pending
|
Enacts the "computer spyware protection act", prohibits the installation, transmission and use of computer software that collects personally identifiable information, authorizes the Attorney General to bring a civil action against any person who violates any provision of this section, seeks damages ranging from one thousand dollars to one million dollars.
|
NY A.B. 4567
|
Status: Pending
|
Establishes the School District Cyber Crime Prevention Services Program to provide school districts with information on strategies, best practices and programs offering training and assistance in the prevention of cyber crimes in school districts or otherwise affecting school districts, provides further that information on eligibility and applications for financial assistance be made available to school districts.
|
NY A.B. 4581
|
Status: Pending
|
Establishes the misdemeanor of interfering in the election process by electronic means.
|
NY A.B. 4640
|
Status: Pending
|
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.
|
NY A.B. 4892
|
Status: Pending
|
Creates the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony.
|
NY A.B. 6984
|
Status: Pending
|
Establishes civilian cyber security reserve Forces within the New York state militia to be capable of being expanded and trained to educate and protect state, county, and local government entities, critical infrastructure, including election systems, businesses and citizens of the state from cyber attacks, makes related provisions.
|
NY A.B. 7983
|
Status: Pending
|
Relates to computer-related crimes. Creates the crimes of unlawful disruption of computer services in the first and second degree, unlawful computer access assistance in the first and second degree, unauthorized use of internet domain name or profile, and unlawful introduction of a computer contaminant, allows for a civil action for compensatory damages for victims of such crimes.
|
NY S.B. 118
|
Status: Pending
|
Establishes the misdemeanor of interfering in the election process by electronic means.
|
NY S.B. 348
|
Status: Pending
|
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.
|
NY S.B. 349
|
Status: Pending
|
Establishes the school district cyber crime prevention services program.
|
NY S.B. 2087
|
Status: Pending
|
Amends the Tax Law, relates to a business tax credit for purchase of data breach insurance.
|
NY S.B. 2652
|
Status: Pending
|
Amends the State Technology Law, requires governmental entities to implement multifactor authentication for local and remote network access.
|
NY S.B. 3213
|
Status: Pending
|
Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology Cybersecurity Framework.
|
NY S.B. 5186
|
Status: Pending
|
Relates to computer-related crimes, creates the crimes of unlawful disruption of computer services in the first and second degree, unlawful computer access assistance in the first and second degree, unauthorized use of internet domain name or profile, and unlawful introduction of a computer contaminant, allows for a civil action for compensatory damages for victims of such crimes.
|
NY S.B. 5410
|
Status: Pending
|
Elevates all computer tampering offenses by one degree in severity.
|
NY S.B. 6068
|
Status: Pending
|
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state.
|
NY S.B. 6154
|
Status: Pending
|
Creates a Cyber Security Enhancement Fund to be used for the purpose of upgrading cyber security in local governments, including but not limited to, villages, towns and cities with a population of one million or less, restricts the use of taxpayer moneys in paying ransoms in response to ransomware attacks.
|
NY S.B. 6806
|
Status: Pending
|
Prohibits governmental entities, business entities and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack.
|
NY S.B. 7312
|
Status: Pending
|
Enacts the "Critical Infrastructure Standards and Procedures (CRISP) Act."
|
North Carolina
|
NC H.B. 813
|
Status: Pending
|
Prohibits any state agency, unit of local government, or public authority from paying a ransom in connection with a cybersecurity incident and clarifies the reporting of cybersecurity incidents to the department of information technology.
|
NC S.B. 621
|
Status: Failed - adjourned
|
Appropriates additional funds to support a dedicated North Carolina Defense Cyber Office in the NC Military Business Center.
|
NC S.B. 105
|
Status: Enacted
|
Prohibits state agencies or local government entities from submitting payment or otherwise communicating with an entity that us making a ransomware demand. Makes base budget appropriations for current operations of state agencies, departments, and institutions. (art. 84)
|
North Dakota
|
ND D 198
|
Status: Failed--adjourned
|
Relates to cybersecurity incident reporting requirements.
|
ND H.B. 1064
|
Status: Failed
|
Relates to the powers and duties of the information technology department.
|
ND H.B. 1314
|
Status: Enacted
|
Relates to cybersecurity incident reporting requirements.
|
ND H.B. 1417
|
Status: Enacted
|
Relates to the Powers and duties of the information technology department.
|
ND S.B. 2075
|
Status: Enacted
|
Relates to third party software access to insurance policy information.
|
Ohio
|
OH H.B. 116
|
Status: Pending
|
Enacts the Computer Crimes Act.
|
OH H.B. 230
|
Status: Pending
|
Regards the state's information technology systems and shared services, makes an appropriation. Creates a biannual advisory committee on state information and technology and a cybersecurity and fraud advisory board to examine and make recommendations on the state's information technology systems and services, including cybersecurity.
|
OH H.B. 432
|
Status: Pending
|
Amends section 1347.12, enacts section 125.184 of the Revised Code regarding data breaches on state agency computer systems. Requires the state chief information officer to conduct an examination of each state agency to assess the risk of a breach of the security of the system of that state agency.
|
Oklahoma
|
OK H.B. 1759
|
Status: Enacted
|
Relates to crimes and punishments, relates to the Oklahoma Computer Crimes Act, modifies definition, defines term, expands scope of certain prohibited acts, makes certain acts unlawful, provides construing provision, provides an effective date.
|
Oregon
|
OR S.B. 293
|
Status: Enacted
|
Directs office of State Chief Information Officer to develop recommendations related to elevating consideration of privacy, confidentiality and data security measures in state government enterprise and shared information technology services, and to submit recommendations in report to certain interim committees of Legislative Assembly by specified date.
|
Pennsylvania
|
PA H.B. 40
|
Status: Pending
|
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the joint cybersecurity oversight committee, imposes duties on the office of information technology, provides for administration of statewide radio network, imposes penalties.
|
PA S.B. 482
|
Status: Pending
|
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee, imposes duties on the Office of Information Technology, provides for administration of Statewide Radio Network, imposes penalties.
|
PA H.B. 1362
|
Status: Pending
|
Provides for Cybersecurity Coordination Board.
|
PA H.B. 1397
|
Status: Pending
|
Amends the Public Utility Confidential Security Information Disclosure Protection Act, provides for procedures for submitting, challenging and protecting confidential security information, for applicability to other law and for prohibition.
|
PA S.B. 597
|
Status: Pending
|
Provides for water and wastewater asset management plans. Relates to the development of cybersecurity system plans.
|
PA S.B. 696
|
Status: Pending
|
Prohibits employees of the Commonwealth from using nonsecured Internet connections, provides for Commonwealth policy and for entities subject to the Health Insurance Portability and Accountability Act.
|
PA S.B. 726
|
Status: Pending
|
Provides for the offense of ransomware, imposes duties on the Office of Administration.
|
Rhode Island
|
RI H.B. 5200
|
Status: Pending
|
Adopts the National Association of Insurance Commissioners Cybersecurity Act which establishes the current cybersecurity standard for insurers doing business in this state.
|
RI H.B. 6042
|
Status: Pending
|
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.
|
RI S.B. 340
|
Status: Pending
|
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features.
|
RI S.B. 835
|
Status: Pending
|
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.
|
Tennessee
|
TN H.B. 766
|
Status: Enacted
|
Establishes the exclusive standards for data security, licensees' investigations of cybersecurity events, and licensees' notification of cybersecurity events to the commissioner and affected consumers; provides that a licensee is a person, as defined, and does not include a purchasing group or risk retention group chartered and licensed in another state or a person acting as an assuming insurer and domiciled in another state or jurisdiction.
|
TN H.B. 925
|
Status: Enacted
|
Requires the state-level safety team to include cybersecurity policies and procedures in the template safety plan that Local Education Agencies must adopt as part of their comprehensive district-wide and building-level school safety plans.
|
TN S.B. 725
|
Status: Substituted on Senate floor by H 766
|
Establishes the exclusive standards for data security, licensees' investigations of cybersecurity events, and licensees' notification of cybersecurity events to the commissioner and affected consumers; provides that a licensee is a person, as defined, and does not include a purchasing group or risk retention group chartered and licensed in another state or a person acting as an assuming insurer and domiciled in another state or jurisdiction.
|
TN S.B. 1211
|
Status: Enacted
|
Clarifies that wireless communication includes text messages sent and received on smart devices for purposes of the Anti-Phishing Act.
|
TN S.B. 1425
|
Status: Failed - adjourned
|
Requires the state-level safety team to include cybersecurity policies and procedures in the template safety plan that Local Education Agencies must adopt as part of their comprehensive district-wide and building-level school safety plans.
|
Texas
|
TX H.B. 2
|
Status: Enacted
|
Relates to making supplemental appropriations and reductions in appropriations and giving direction and adjustment authority regarding appropriations.
|
TX H.B. 244
|
Status: Failed -adjourned
|
Relates to the establishment of a grant program for promoting computer science certification and professional development in coding, technology applications, and computer science for public school teachers.
|
TX H.B. 307
|
Status: Failed
|
(Special session 1) Relates to state agency and local government security incident procedures.
|
TX H.B. 1118
|
Status: Enacted
|
Relates to state agency and local government compliance with cybersecurity training requirements.
|
TX H.B. 1180
|
Status: Failed--adjourned
|
Relates to the creation of the Fiscal Risk Management Commission.
|
TX H.B. 2065
|
Status: Failed--adjourned
|
Relates to the composition of the cybersecurity council.
|
TX H.B. 2066
|
Status: Failed--adjourned
|
Relates to emergency management for cybersecurity events threatening this state.
|
TX H.B. 2160
|
Status: Failed--adjourned
|
Relates to requiring the Department of Information Resources to conduct a study concerning the cybersecurity of small businesses.
|
TX H.B. 3298
|
Status: Failed--adjourned
|
Relates to computer science and technology applications in public schools, including the essential knowledge and skills of the technology applications curriculum, the establishment of a computer science strategic advisory committee, and the establishment of a computer science and technology applications professional development grant program for public school teachers.
|
TX H.B. 3390
|
Status: Enacted
|
Relates to the purchase of cybersecurity insurance coverage by the State Department of Transportation.
|
TX H.B. 3743
|
Status: Failed--adjourned
|
Relates to cybersecurity and privacy regarding distance learning in public schools and prohibiting ransomware payments by certain governmental entities.
|
TX H.B. 3791
|
Status: Failed--adjourned
|
Relates to the Powers and duties of the State Electric Grid Security and Emergency Preparedness Advisory Council.
|
TX H.B. 3792
|
Status: Failed--adjourned
|
Relates to protecting the population of the state, its environment, and its most vulnerable communities, promoting the resilience of the electric grid and certain municipalities.
|
TX H.B. 3892
|
Status: Failed--adjourned
|
Relates to matters concerning governmental entities, including cybersecurity, governmental efficiencies, information resources, and emergency planning.
|
TX H.B. 4018
|
Status: Enacted
|
relates to legislative oversight and funding of improvement and modernization projects for state agency information resource
|
TX H.B. 4071
|
Status: Failed--adjourned
|
Relates to the requirements for the purchase of endpoint devices by a state agency.
|
TX H.B. 4196
|
Status: Failed--adjourned
|
Relates to the development by the Public Utility Commission of the state of physical security and cybersecurity practices for certain utilities.
|
TX H.B. 4256
|
Status: Failed--adjourned
|
Relates to the duties and oversight of the Department of Public Safety's office of inspector general regarding the use of cyber technology and activity.
|
TX H.B. 4395
|
Status: Failed--adjourned
|
Relates to state and local governments requirements to report security incidents to the Department of Information Resources.
|
TX H.B. 4397
|
Status: Failed--adjourned
|
Relates to a cybersecurity monitor for certain electric utilities.
|
TX S.B. 345
|
Status: Failed--adjourned
|
Relates to state agency and local government compliance with cybersecurity training requirements.
|
TX S.B. 475
|
Status: Enacted
|
Relates to state agency and local government information security, including establishment of the state risk and authorization management program and the State volunteer incident response team, authorizes fees.
|
TX S.B. 851
|
Status: Enacted
|
Relates to the composition of the cybersecurity council.
|
TX S.B. 1367
|
Status: Enacted
|
Relates to the regulation of commercial property and casualty insurance and insurance for certain large risks.
|
TX S.B. 1606
|
Status: Failed--adjourned
|
Relates to protecting the population of the state, its environment, and its most vulnerable communities, promoting the resilience of the electric grid and certain municipalities.
|
TX S.B. 1696
|
Status: Enacted
|
Relates to establishing a system for the sharing of information regarding cyber attacks or other cybersecurity incidents occurring in schools in this state.
|
TX S.B. 1908
|
Status: Failed--adjourned
|
Relates to the purchase of cybersecurity insurance coverage by the State Department of Transportation.
|
TX S.B. 2116
|
Status: Enacted
|
Relates to prohibiting contracts or other agreements with certain foreign-owned companies in connection with critical infrastructure in this state.
|
TX S.B. 2134
|
Status: Failed--adjourned
|
Relates to certain standardization in cybersecurity degree programs offered by public institutions of higher education.
|
TX S.B. 2135
|
Status: Failed--adjourned
|
Relates to pathways to assist students in transitioning from high school to postsecondary education in cybersecurity.
|
TX S.B. 2231
|
Status: Failed--adjourned
|
Relates to the resilience of the electric grid and certain municipalities.
|
TX H.B. 145
|
Status: Failed--adjourned
|
(Special session 1) Relates to emergency management for cybersecurity events threatening this state.
|
TX H.B. 307
|
Status: Failed--adjourned
|
(Special session 1) Relates to state agency and local government security incident procedures.
|
TX S.B. 28
|
Status: Failed--adjourned
|
(Special session 1) Relates to the resilience of the electric grid and certain municipalities.
|
TX H.B. 202
|
Status: Failed--adjourned
|
(Special session 2) Relates to emergency management for cybersecurity events threatening this state.
|
TX S.B. 1
|
Status: Enacted
|
(Special session 2) Relates to election integrity and security, including by preventing fraud in the conduct of elections in this state, increases criminal penalties, creates criminal offenses, provides civil penalties.
|
TX S.B. 28
|
Status: Failed--adjourned
|
(Special session 2) Relates to the resilience of the electric grid and certain municipalities.
|
Utah
|
UT H.B. 80
|
Status: Enacted
|
Creates affirmative defenses to certain causes of action arising out of a breach of system security.
|
Vermont
|
VA H.B. 30
|
Status: Enacted
|
Relates to the Budget Bill, provides for all appropriations of the Budget submitted by the Governor, provides a portion of revenues for upcoming biennium.
|
VA H.B. 322
|
Status: Failed - adjourned
|
Relates to Virginia Information Technologies Agency, relates to Cybersecurity Advisory Council created, relates to report, creates the Cybersecurity Advisory Council to assist the Chief Information Officer (CIO) of the Virginia Information Technologies Agency with the development of policies, standards, and guidelines for assessing security risks, determining appropriate security measures, and performing security audits of government electronic information, provides that make recommendations to the CIO.
|
VA H.B. 524
|
Status: Failed
|
Relates to the register of volunteer cybersecurity and information technology professionals, directs the Secretary of Administration to establish a register of cybersecurity and information technology professionals interested in volunteering to assist localities and school divisions, in collaborating on workforce development, and in providing mentorship opportunities.
|
VA H.B. 852
|
Status: Enacted
|
Relates to the Information Technologies Agency, requires the Chief Information Officer of the Information Technologies Agency to develop and annually update a curriculum and materials for training all state employees in information security awareness and in proper procedures for detecting, assessing, reporting, and addressing information security threats.
|
VA H.B. 957
|
Status: Failed
|
Relates to Virginia Cyber Initiative Act, directs the Virginia Information Technologies Agency to work with public and private institutions of higher education, state agencies, and businesses in the Commonwealth to develop a cyber alliance, to be known as the Virginia Cyber Initiative, to reduce cyber risks and encourage economic development in the cybersecurity field.
|
VA H.B. 1082
|
Status: Enacted
|
Amends the Emergency Services and Disaster Law, defines cyber incident for purposes of the Law as an event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, and physical or virtual infrastructure controlled by computers or information systems., makes technical corrections.
|
VA H.B. 1334
|
Status: Enacted
|
Establishes standards for insurance data security, for the investigation of a cybersecurity event, and for the notification to the Commissioner of Insurance and affected consumers of a cybersecurity event, requires insurers to develop, implement, and maintain a comprehensive written information security program based on an assessment of its risk that contains administrative, technical, and physical safeguards.
|
VA H.B. 1800
|
Status: Enacted
|
Relates to Budget Bill, amends the 2020 Special Session I Acts of Assembly. Includes funds to implement a training curriculum for state employees on best practices for cyber security.
|
VA HJR 23
|
Status: Failed
|
Relates to study, relates to Department of Elections, relates to use of blockchain technology to protect voter records and election results, relates to report, requests the Department of Elections to conduct a study to determine the kinds of blockchain technology that could be used to secure voter records and election results, determine the costs and benefits of using such technology as compared to traditional registration and election security measures, and make recommendations.
|
VA HJR 64
|
Status: Adopted
|
Requests the Information Technologies Agency to study the Commonwealth's susceptibility, preparedness, and ability to respond to ransomware attacks, provides that in conducting its study, the Agency shall assess the Commonwealth's susceptibility to ransomware attacks at the state and local levels of government.
|
VA S.B. 378
|
Status: Enacted
|
Relates to computer trespass, relates to penalty, expands the crime of computer trespass to provide that the prohibited actions that constitute computer trespass are criminalized if done through intentionally deceptive means and without authority, specifies that a computer hardware or software provider, an interactive computer service, or a telecommunications or cable operator does not have to provide notice of its activities to a computer user that a reasonable computer user should expect may occur.
|
VA S.B. 641
|
Status: Failed - adjourned
|
Relates to civil action, relates to sale of personal data, requires a person that disseminates, obtains, maintains, or collects personal data about a consumer for a fee to implement security practices to protect the confidentiality of a consumer's personal data, obtain express consent of a parent of a minor before selling the personal data of such minor, provide access to consumers to their own personal data that is held by the entity, and refrain from maintaining or selling data.
|
VA S.B. 1003
|
Status: Enacted
|
Relates to computer crimes, provides that any person, who, without the intent to receive any direct or indirect benefit, maliciously sends an electronically transmitted communication containing a false representation intended to cause another person to spend money, and such false representation causes such person to spend money, is guilty of a Class 1 misdemeanor.
|
VT H.B. 274
|
Status: Failed - adjourned
|
Relates to consumer protection and collection of consumer information.
|
VT H.B. 304
|
Status: Failed - adjourned
|
Relates to creating the crime of extortion by introducing ransomware.
|
VT H.B. 431
|
Status: Enacted
|
Relates to miscellaneous energy subjects. Provides that records relating to a regulated utility's cybersecurity program, assessments, and plans, including all reports, summaries, compilations, analyses, notes, or other cybersecurity information are not public records.
|
VT H.B. 439
|
Status: Enacted
|
Makes appropriations in support of government for the fiscal year. Provides that the Secretary shall prepare and submit a strategic plan for information technology and cybersecurity, concurrent with the Governor's annual budget request required under 32 V.S.A. Section 306. Provides funding to the Agency of Digital Services cybersecurity - core infrastructure replacement and router replacements for public safety connections to the municipalities.
|
Washington
|
WA H.B. 1068
|
Status: Enacted
|
Exempts election security information from public records disclosure.
|
WA H.B. 1190
|
Status: Failed - adjourned
|
Fosters economic growth in Washington by supporting emerging businesses in the new space economy.
|
WA S.B. 5092
|
Status: Enacted
|
Makes 2021-2023 fiscal biennium operating appropriations.
|
WA S.B. 5432
|
Status: Enacted
|
Concerns cybersecurity and data sharing in Washington state government.
|
Wisconsin
|
WI A.B. 147
|
Status: Failed
|
Imposes requirements related to insurance data cybersecurity, grants rule making authority.
|
WI S.B. 160
|
Status: Enacted
|
Imposes requirements related to insurance data cybersecurity, grants rule making authority.
|
West Virginia
|
WV H.B. 2763
|
Status: Enacted
|
Creates cyber incident reporting.
|
WV H.B. 2925
|
Status: Failed - adjourned
|
Relates to data disposal protection.
|
Wyoming
|
WY S.B. 132
|
Status: Failed
|
Relates to the legislature, requires the joint corporations, elections and political subdivisions interim committee to study emergency preparedness and energy distribution in the event of a disruption of federal government operations, requires a report, provides for an effective date.
|
Puerto Rico
|
PR HR 468
|
Status: Pending
|
Orders the House Committee on Finance and Budget to carry out an investigation into the cyber attack caused by ransomware in 2017, causing a state of emergency in the Department of the Treasury.
|
PR S.B. 118
|
Status: Pending
|
Amends Law 20 of 2017, the Law of the Department of Security, in order to add functions and powers to the Office of Security Information Management, which are essential to really achieve the implementation of the system interoperability of communications and that it has a proper and accurate operation.
|