Proposed legislation of interest so far this session includes bills dealing with procurement, digital equity, privacy and cybersecurity, all of which are now under consideration. Here’s some of what Gov. Gavin Newsom could be signing into law this fall – assuming, of course, these bills survive scrutiny from both legislative houses and a gubernatorial veto:
- State Assembly Bill 1806, introduced Monday by Assemblymember Rudy Salas, D-Bakersfield, would take aim at monolithic IT projects and procurement, declaring “that large-scale information technology acquisitions are best realized using modular contracting.” That is, provided several factors are met including leveraging “increments across the organization”; the use of integrated project teams; collaboration between IT project manager and contracting officer teams; early setting of cost, schedule, performance and outcome targets; and proper governance. The bill would require the California Department of Technology (CDT) to maximize the use of modular contracting – defined as “a contractual approach that provides for incremental delivery, implementation and testing of an information technology acquisition by dividing it into discrete increments.” And it would require CDT to “simplify management of large-scale information technology acquisition” by breaking it into smaller increments; address complicated IT objectives incrementally to boost the likelihood of standing up “workable solutions”; and provide for delivery, implementation and testing of systems in “discrete,” independent solutions. The department would also have to award contracts for increments of an IT acquisition via modular contracting within 180 days of issuing a solicitation, and deliver an increment of an IT “acquisition” within 18 months of a solicitation. A CDT representative said the department does not comment on proposed legislation.
- State Senate Bill 876, from state Sen. Josh Becker, D-San Mateo, would create the Digital Education Equity Program (DEEP), to be run by the California Department of Education (CDE). It would require the program to provide “technical assistance and teacher professional development to school districts, county offices of education, and charter schools on the implementation of educational technology.” It would also require the department guide county offices of education on addressing local learning needs via technology. The bill would require DEEP to provide guidelines and funding to all county offices of education to more effectively address locally determined educational needs with the use of technology. It would require CDE to create an Office of Educational Technology and Digital Equity to assist in administering DEEP and to prepare a “comprehensive State Digital Equity Plan” documenting needs and priorities around access to and use of technology in schools. And it would authorize CDE to provide grants of up to three years to county offices of education to administer services. The bill has been sent to the state Senate Committee on Education.
- AB 1711, from Assemblymember Kelly Seyarto, R-Murrieta, would require an agency that “owns or licenses” data with residents’ personal information (PI) to reveal any security breach after notifying residents whose PI, encrypted or not, may have been “acquired” by someone unauthorized. Agencies that maintain data with PI they don’t own must also notify owners or licensees of that information, of any security breaches if the PI may have been “acquired” by someone unauthorized. The bill has been referred to the Assembly Committee on Privacy and Consumer Protection for review.
- SB 892, introduced Jan. 31 by Sen. Melissa Hurtado, D-Sanger, would require “companies and cooperatives” in food and ag to do more to make themselves secure from cyber attacks – and would empower the state to make sure this happens. Specifically, it would require the California Governor’s Office of Emergency Services (Cal OES) to “develop, propose and adopt reporting requirements applicable to companies and cooperatives in the food and agriculture industry if they identify a significant and verified cyber threat or active cyber attack.” It would also require “a water and wastewater systems sector entity serving more than 3,300 people” to report its federally mandated risk assessments and emergency response plan to the California Cybersecurity Integration Center (Cal-CSIC), the California Department of Water Resources and the State Water Resources Control Board. Cal-CSIC would have to report to the Legislature by Jan. 1, 2024, “a strategic, multiyear outreach plan for state agencies to increase awareness and interest in cybersecurity in the food and agriculture sector and the water and wastewater sector.” Cal-CSIC would also have to evaluate and report on the options to offer those entities “grants or alternative forms of funding to improve cybersecurity preparedness” – and possible avenues to incentivize cybersecurity preparedness that don’t require funding.