IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Back from Recess, Legislators to Weigh IT Bills

California lawmakers, newly returned from their summer recess, will consider several bills this week with ramifications for state technology and cybersecurity.

California Capitol Building
This story is limited to Industry Insider — California members.
This story is limited to Industry Insider — California members. Login below to read this story or learn about membership.
Many proposed laws with potential significance to IT vendors may ultimately fail to clear the statehouse this session — and starting Monday, lawmakers will begin again the process of deciding which stay and which go.

That’s because Aug. 1 is the date Assembly members and state senators return to the Legislature from their summer recess, which began July 2. So-called fiscal committees in both houses, where many of these bills currently reside, will have through Aug. 12 to “report” bills out for consideration by lawmakers en masse on the floor. Among the bills:

  • State Senate Bill 717, from state Sen. Bill Dodd, D-Napa, would compel the California Department of Technology (CDT) — already responsible for the approval and oversight of state IT projects — to do more oversight on broadband. Specifically, it would mandate that by Jan. 1, 2024, CDT must review and identify to legislative committees “barriers to, and opportunities for, investment in, and efficient building of, broadband access points on private and government-owned structures and property, private and public lands and buildings, and public rights of way.” CDT would also have to review barriers and opportunities around “access to mobile and fixed broadband Internet service infrastructure by low-income tribal, urban, and rural customers and underserved communities,” and give recommendations on accelerating broadband deployment to those same communities. It will be considered Wednesday by the state Assembly Committee on Appropriations.
  • SB 892, from Sen. Melissa Hurtado, D-Sanger, would take aim at cybersecurity preparedness in the food, agriculture, water and wastewater systems sectors. It would require the California Governor’s Office of Emergency Services (Cal OES) to “develop, propose and adopt optional reporting requirements” for food and ag industry companies and cooperatives, and “entities in the water and wastewater systems” for when a “significant and verified cyber threat or active cyber attack” is identified. The bill would also require Cal OES to deliver a “strategic, multiyear outreach plan” on helping these sectors boost cybersecurity; and it would “prohibit disclosure as a public record” of a report of cyber attack or threat submitted pursuant to those reporting requirements. It, too, is due to be heard Wednesday by Assembly Appropriations.
  • AB 1711, from Assemblymember Kelly Seyarto, R-Murrieta, would require an agency, person or business that “owns or licenses” data with residents’ personal information (PI) to reveal a security breach after notifying residents; and it would require the agency to post a notice on its website whenever a person or business that runs a system on behalf of it issues such a security breach notification. The bill has cleared committee and is due for a third reading; however, it’s unclear when that will take place.
  • AB 2190, from Assemblymember Jacqui Irwin, D-Thousand Oaks, would require the chief of CDT’s Office of Information Security (OIS) to deliver an annual “statewide information security status report” to the Assembly Committee on Privacy and Consumer Protection and to the the Senate Governmental Organization Committee, with the inaugural installment due by January. The report and any information and records with it would be deemed confidential, and the information and records would be prohibited from disclosure. It will be considered Monday by the state Senate Committee on Appropriations.
  • AB 2135, also from Irwin, who is co-chair of the California Legislative Technology and Innovation Caucus, would require state agencies whose information security is not handled by OIS to adopt and implement Federal Information Processing Standards and National Institute of Standards and Technology standards around information security and privacy. Those agencies would also be required to contract with the California Military Department or a “qualified responsible vendor” every two years for a “comprehensive, independent security assessment.” The agencies would also be required to certify yearly by Feb. 1 to the state Senate president and the Assembly speaker that they comply with the adopted standards. The bill is also due to be considered Monday by Senate Appropriations.
Theo Douglas is Assistant Managing Editor of Industry Insider — California.