Bills on Cybersecurity Planning, Workforce Await Lawmakers on Recess

Elected officials in the state Senate and Assembly will consider several pieces of cybersecurity legislation when they return from summer recess in August.

California's state Capitol. (All photos by David Kidd/Governing)
Four bills pertaining to cybersecurity and financial assets are among the many waiting for lawmakers when they return from summer recess.

Friday was the last day for policy committees in the state Senate and Assembly to meet and report out bills. Elected officials are now in the midst of a monthlong recess and will return to the statehouse Aug. 14. Here are a few of the proposed IT bills awaiting them:

  • Assembly Bill 749, from Assemblymember Jacqui Irwin, D-Thousand Oaks, would require state agencies by Jan. 1, 2025, to take action on data, hardware, software, internal systems and essential third-party software, including requiring multifactor authentication for access to all systems and data owned, managed, maintained or utilized by or on behalf of the agency. The agencies would also have to implement a “zero trust architecture ... and prioritize” using solutions that either comply with, are authorized by, or align to “federal guidelines, programs and frameworks.” The chief of the Office of Information Security at the California Department of Technology would have until Jan. 1, 2024, to “develop uniform technology policies, standards and procedures” to be used by all state agencies around “zero trust architecture, including multifactor authentication” on all systems in the State Administrative and Statewide Information Management manuals. Lawmakers on July 11 referred the bill to the Senate Appropriations Committee, which has a meeting set for Aug. 14 though an agenda has not yet been released.
  • State Senate Bill 265, from Sen. Melissa Hurtado, D-Sanger, builds on existing law that created the California Governor’s Office of Emergency Services (Cal OES) and which required it to stand up the California Cybersecurity Integration Center (Cal-CSIC). The two entities already have until Jan. 1, 2024, to submit a “strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector” in improving cybersecurity to the Legislature. SB 265 directs the two entities to create and submit to the Legislature by Jan. 1, 2025, a similar plan to help “critical infrastructure sectors” in boosting cybersecurity and securing funding to improve cybersecurity preparedness. Critical infrastructure sectors, per federal definitions, could include communications, IT, transportation and emergency services sectors, among many others. Lawmakers on July 11 referred the bill to Assembly Appropriations; no hearing date has been set.
  • AB 569, from Assemblymember Eduardo Garcia, D-Coachella, builds on existing law, which created the Cybersecurity Regional Alliances and Multistakeholder Partnerships Pilot Program to close the cybersecurity workforce gap via regional pipeline programs in the California State University system. (AB 183, a higher education trailer bill, established the program last June.) The programs are already required to set goals and metrics and report, and the California State University chancellor already reports yearly on each campus pilot. But lawmakers want to gain a more global understanding of the program’s performance. AB 569 requires the chancellor’s office to report to the Legislature by July 1, 2028, on the pilot, with enrollment data, recommendations on improving the pilot and on improving veteran participation. On Thursday, lawmakers sent the bill to the Assembly Office of Engrossing and Enrolling where bills are, generally, edited and prepared for printing.
  • AB 39, the Digital Financial Assets Law, from Assemblymember Timothy S. Grayson, D-Concord, prohibits people from taking part in business activity involving digital financial assets after Jan. 1, 2025, unless they are licensed with the Department of Financial Protection and Innovation (DFPI). Certain entities would be exempt, and commissioners would be able to exempt others if it’s in the public interest. DFPI would be able to do examinations of licensees and require them to keep records of all activity for five years including monthly ledgers listing assets, liabilities and the like. DFPI would also do enforcement against unlicensed entities or people engaged in business around digital financial assets, with the potential for civil penalties. People covered under the act’s provisions would have to disclose things including fees and charges to residents before engaging in business with them; and those licensed under the act would have to have policies and procedures in place around operational security and information security. And the bill would define a “digital financial asset” as a “digital representation of value that is used as a medium of exchange, unit of account, or store of value, and that is not legal tender, whether or not denominated in legal tender.” On Thursday, lawmakers sent the bill to Senate Appropriations.
Theo Douglas is Assistant Managing Editor of Industry Insider — California.