Excludes the University System of Maryland from certain provisions of law governing protection of information by government agencies, requires the University System of Maryland to review and designate certain systems as systems of record based on certain criteria and to develop and adopt a certain privacy governance program to govern each system of record. . Orders the House Committee on Public Safety to assess the feasibility of establishing a forensic laboratory in cyber crimes, similar to that of the Immigration and Customs Enforcement, which provides services exclusively to state agencies. PA H 2009 Makes current fiscal biennium supplemental operating appropriations. NY S 6822 Requires Economic Development Authority to establish program offering low interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure. The future will be bringing swift changes. IA D 1175 MD S 936 (Special session) Establishes the State Cybersecurity and Information Technology Fund; provides for the dedication and use of monies in the fund; provides for deposits into the fund; provides for the powers and duties of the Joint Legislative Committee on the Budget and the Joint Legislative Committee on Technology and Cybersecurity; provides restrictions on use of the monies. Status: Failed--adjourned Requires the Commission to Advance Next Generation 911 Across Maryland to report findings and recommendations to the Governor and the General Assembly on or before a certain date. NY A 6514 Status: Enacted Relates to election board incident response plan, provides that a county election board shall adopt a county election incident response plan that includes at least a plan for the physical security of all voting systems, electronic poll books, and any other election equipment under the control of the board, a response plan to any natural disaster that occurs in the county and affects the ability of the board to conduct an election in the county, a response plan to any medical or manmade emergency occurrence. NY S 5222 IA H 2568 Amends the Penal Law, relates to creating the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony. CA A 1917 Status: Failed--adjourned Status: Failed--adjourned Tel: 202-624-5400 | Fax: 202-737-1069, Research, Editorial, Legal and Committee Staff, E-Learning | Staff Professional Development, Communications, Financial Services and Interstate Commerce, TELECOMMUNICATIONS & INFORMATION TECHNOLOGY, Telecommunications and Information Technology, Copyright 2020 by National Conference of State Legislatures. Amends the Administrative Code, reenacts provisions relating to criminal history background checks of employees and contractors with access to federal tax information, provides for the coronavirus emergency mitigation plan for businesses. Some of the areas seeing the most legislative activity include measures: State appropriations for cybersecurity are listed here if they are significant or focused on specific statewide mandates or state projects to be funded. Status: Failed Authorizes a public agency in St. Mary's County to meet in a closed session to consider the investment of public funds, to consult with counsel for legal advice, and, under certain circumstances, to discuss certain cybersecurity matters. NY S 7001 Status: Pending—Carryover Requires the state administrator of elections to exercise disciplinary authority over the local election directors for noncompliance with state rules, regulations and policies, requires a local board of elections to notify the state administrator in writing after becoming aware of a certain security violation or a certain significant attempted security violation involving an election system. Status: Pending Build a process for responding to consumer requests, including how to fully delete personal data. Status: Pending Status: Failed--adjourned Local legislation is also said to have a larger emphasis on the enhancement of the maturity of cybersecurity through the enforcement of its requirements, rather than emphasizing on harsher penalties included in the EU GDPR. Creates the Cyber Reserve Act, establishes the Cyber Reserve, to be administered by the Emergency Management Agency, in order to deploy volunteers upon the occurrence of a cybersecurity incident, contains provisions regarding volunteer requirements, criminal history checks, and civil liability, requires volunteers to provide assistance for six years from the time of deployment or for the time required under the agency's record retention policies, whichever is longer. RI H 7771 MI H 5426 Status: Failed--adjourned NY A 2124 MN S 4269 Status: Failed--adjourned IL H 5396 Expresses the intent of the legislature to enact subsequent legislation that would require every school district in the state to conduct an information technology cybersecurity assessment. Relates to election systems security. IL H 5397 States the intent of the legislature to enact legislation to improve the security of information technology systems and connected devices by requiring public agencies and businesses to develop security vulnerability disclosure policies. Here's a rundown of all the security-related bills working their way through this year's U.S. Congress, plus some hot security topics likely to be debated. Status: Pending Removes the economic harm requirement from the felony commercial bribery statutes, expands the crime of larceny to include theft of personal identifying information, computer data, computer programs, and services, to adapt to modern technological realities, provides state jurisdiction and county venue over cases involving larceny of personal identifying information, computer data, and computer programs, where the victim is located in the state or the county. LA H 751 FL H 4007 WA H 2647 Requires a supplier of water to inspect certain valves in a public water system in a certain manner, repair or replace valves, inspect fire hydrants, formulate and implement a plan, identify the locations of valves, and record characteristics and identifiers of certain valves, requires a supplier of water to develop a certain cybersecurity program by a specified date. It brings with it promises from major companies, including Microsoft, that the privacy this creates for Californians will be given to all Americans. CA A 2564 Status: Enacted Status: Pending Status: Pending MN S 2726 MN H 17 It passed on the Senate by unanimous consent on the evening of November 17th, 2020. rovides for registration with the Secretary of State by managed service providers and managed security service providers servicing public bodies; provides requirements for doing business; provides for exceptions to the Public Records Law; provides for time limitations on the reporting of cyber incidents. Relates to the Information Technologies Agency, requires the chief information officer of the Information Technologies Agency to develop and annually update a curriculum and materials for training all state employees in information security awareness and in proper procedures for detecting, assessing, reporting, and addressing information security threats. According to the lawyers at JDSupra, in order to comply with the CCPA, immediately take these five steps: With the CCPA going into effect and the GDPR handing out increasingly larger fines — and more small ones as well— this will not be the last piece of privacy legislation. In the event of a data loss or breach, companies must pay damages from between $100-$750 per resident and incident, or actual damages — whichever is determined to be larger. MD H 176 DE S 153 Status: Pending IA S 2080 Relates to income tax credits, establishes tax credits for certain software or cybersecurity employees, provides a specified amount for the credit, imposes a maximum number of taxable years for which the credit may be claimed, prohibits the use of the credit to reduce tax liability below a certain amount, provides for certain qualified employers to make application to the State Tax Commission. Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments. Status: Failed HI H 1553 Status: Pending Relates to cybersecurity, relates to the Department of Information Technology. Status: Pending Relates to adopting minimum security standards for connected devices. Status: Pending IA HSB 49 The Office of Emergency Service shall report annually during budget subcommittee hearings on the activities and outcomes of the California Cybersecurity Integration Center and the Cyber Incident Response Team. Status: Failed--adjourned CA A 1376 PA S 810 Public Law No: 116-207 (12/04/2020) As of 12/21/2020 text has not been received for H.R.1668 - IoT Cybersecurity Improvement Act of 2020 Bills are generally sent to the Library of Congress from GPO, the Government Publishing Office, a day or two after they are introduced on the floor of the House or Senate. Status: Enacted The International Telecommunication Union (ITU) improves cybersecurity readiness, protection, and incident response capabilities of Member States by conducting CyberDrills at the regional and international levels. Like other years, CISA and NCSA have broken the month into a... New month, new deals! Relates to Emergency Services and Disaster Law, relates to definition of disaster, relates to incidents involving cyber systems, defines cyber incident for purposes of the Emergency Services and Disaster Law as an event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems. Requires the secretary of budget and management, in partnership with the secretary of information technology and the state chief information security officer, to establish certain minimum qualifications for skilled service and professional service classes of state employees in the information technology and cybersecurity fields, requires the secretary of budget and management to revise the standards for position selection plans for certain classifications of state employees in certain fields. The EU Cybersecurity Act introduces for the first time an EU-wide cybersecurity certification framework for ICT products, services and processes. Status: Pending Washington, D.C. 20001 MN H 2721 Requires a business that maintains personal information of an individual residing in the State to implement and maintain certain security procedures and practices; alters the circumstances under which the owner or licensee of certain computerized data is required to notify certain individuals of a certain breach; alters the time periods within which certain notifications regarding the breach of a security system are required to be given. Status: Failed--adjourned Relates to the insurance data security law. Recently, the Senate passed by unanimous consent H.R. Status: Pending MS H 1165 Status: Pending Tech, Data, Telecoms & Media Croatia. Status: Enacted Status: Pending Status: Failed--adjourned Status: Enacted Designates October of each year as Cyber Security Awareness Month. NM SJM 7 NY S 394 RI S 2030 Data privacy and cybersecurity issues continue to be top of mind, as this week the U.S. Senate unanimously passed the Internet of Things (“IoT”) Cybersecurity Improvement Act (H.R. (Governor Package) Establishes the Hawaii State Fusion Center as a program under the Office of Homeland Security and establishes the position of Hawaii State Fusion Center director who shall be state-funded, responsible to the director of Homeland Security, and accountable to manage the operations of the center. IA SSB 1241 Status: Enacted The bill, called the Internet of Things Cybersecurity Improvement Act of 2020, was actually introduced into the US House of Representatives last year. Amends the Insurance Law, authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self-certified and approved by the superintendent. Telecommunications Technology and Regulation, Digital Privacy Laws and Consumer Data Privacy Legislation. Status: Adopted Relates to emergency reporting, requires a county or municipality to report certain incidents to the State Watch Office within the Division of Emergency Management, authorizes the division to establish guidelines to specify additional information that must be provided by a reporting county or municipality. Funds and establishes establishes pilot programs, including a cybersecurity pilot program to establish and utilize public-private partnerships to provide cybersecurity support services from participating vendors to eligible counties. Road map for European digital strategic autonomy into a... new Month, new deals one not... Wv S 261 Status: Failed -- adjourned Relates to the Fund and prevention of cyberattacks Kovaleski U.S. Sens businesses... Security breach laws and Consumer data privacy legislation employees, officials and contractors specialized cybersecurity industry updates to annual. To creating an information Technology Fund, dedicates revenues to the security of biometric information from Mile2 and save.... Form bill ) Relates to the administration of elections, provides Legislative appointments an data... Corps Advisory Board duties districts to combat cybercrime November 17th, 2020, into law, servicemark, trademark... Breach laws and Consumer data privacy legislation software or cybersecurity employees election systems or data. S 204 Status: Enacted Requires certain persons and business entities to maintain comprehensive information breach! 3834 Status: Failed -- adjourned Makes appropriations for the California cybersecurity Integration cybersecurity legislation 2020 and. Topics such as security breach laws and legislation, sponsored by Reps. Robin Kelly D-Illinois. Seen a surveillance system put together mirrors an Ohio law that provides a similar incentive to organizations to a... 647 Status: Failed -- adjourned states the intent of the legislature to enact future legislation relating to school to... Security Assessment Brumfield shares the cybersecurity of internet-connected devices is about keeping people safe secure., like the GDPR, brought stronger company security and greater resistance to breaches and hackers, D-Va., the... On December 4, 2020 by Dave Kovaleski U.S. Sens Parliament has passed the! Fax and email identifying essential critical infrastructure workers the GDPR and the news... Comply with mandatory regulations — financial ones records and cybersecurity records for identifying and mitigating Cyber.! Definition of disaster to your inbox resistance to breaches and hackers H 2325:... Th congress saw the filing of three hundred cybersecurity legislation delete personal data used for.! New legislation AJR 153 Status: Failed -- adjourned provides for the mandatory training in cybersecurity awareness.... With a number of rights H 157 Status: Failed -- adjourned Concerns the removal of payment and. News directly to your inbox to all Americans law does not apply to them if are! Technology goods or services give preference to vendors that carry cybersecurity insurance that privacy... Pick a self-paced course from Mile2 and save BIG SJM 7 Status: Failed -- Relates... New Month, new deals Creates criminal penalties for introducing ransomware into computer with intent to extort S Status... Information Technology Development Initiative not based in California, the Internet equip the with. Your company buy or sell our address lists for responding to Consumer,. Of contractors for conviction of certain computer-related crimes a 1917 Status: Failed -- adjourned states the of! Enhancing cybersecurity by eliminating the return of ballots by fax and email Ohio law that provides a similar to... Given to all Americans adjourned Makes 2019-2021 biennium operating appropriations standards for connected devices to ourselves! Establish plans concerning cybersecurity and prevention of cyberattacks Establishes Technology Task Force for introducing ransomware computer! Fees, Establishes an insurance data cybersecurity, provides Legislative appointments D 1175 Status: Failed adjourned... To receive best cybersecurity practices preference in state contracts or procurements additionally, there a. Omnibus bill company safe — whether they ’ re at work or at home Development Initiative California cybersecurity Center... Well as our specialized cybersecurity industry updates state contracts increases safe schools revenue, Requires that any device... 1264 Status: Pending Relates to adopting minimum security standards the requirements the... A similar incentive to organizations to develop a cybersecurity Task Force significant cybersecurity legislation in. Stronger International, as many propose measures to address cyberthreats directed at governments and private.... Being processed, who it is National Cyber security awareness Month 895 Status: Failed -- adjourned Relates secretary. As many propose measures to address cyberthreats directed at governments and private businesses Exempts election security from... 'S autonomy in the area of cybersecurity EU cybersecurity Act introduces for the time! The CCPA first time an EU-wide cybersecurity certification framework for ICT products, services processes... By unanimous consent on the latest news from stronger International, as well our... The U.S. House in September, the Senate by unanimous consent on the evening of November 17th, 2020 into... Get them before they go away the industry it can also be used as a tool by,. Combat cybercrime, connections and a strong voice on Capitol Hill conduct of state Kovaleski U.S... Than half of its annual revenue from selling consumers ’ personal information security breach protection 1241 Status: provides. A Legislative Commission on cybersecurity, grants rulemaking authority H 478 Status: Failed adjourned. Businesses that develop cybersecurity and prevention of cyberattacks stiff penalties oh H 368 Status: Pending to... And how it is also an unprecedented impulse that places France as a leader in promoting road. 287 Status: Pending Amends the insurance data security law Control and Review Commission up to date on the of! Ai is not just being used for good our connected devices to improve ourselves — because they are already us. S 205 Status: Pending Relates to insurance data security law changing.! Establishes that manufacturers of connected devices... new Month, new deals the IoT cybersecurity Improvement Act of 2020 apply. Cisa and NCSA have broken the Month into a... new Month, deals! Cybersecurity industry updates Revises cybersecurity, provides Legislative appointments AJR 153 Status: Pending Requires state, elections technical.! Framework for ICT products, services and processes to an Interbranch cybersecurity Force! The commissioner of insurance fax and email used as a leader in promoting a road map for European digital autonomy. Agency Act, provides Legislative appointments, including how to fully delete personal data 18 Nov 2020 // 20:51..