The COVID-19 pandemic caused disruption and major shifts in the way government and businesses operated in the past year. Cybersecurity risks increased due to the sudden move to a remote workforce that often had fewer and less robust security measures in place. Cybercriminals found ways to take advantage of these conditions and of people's fears related to the coronavirus.
Recent unprecedented cyberattacks, such as the Solarwinds incident, which breached many company and federal and state government systems, also have kept cybersecurity a priority for many state lawmakers.
At least 45 states and Puerto Rico introduced or considered more than 250 bills or resolutions that deal significantly with cybersecurity. Some of the issues seeing the most legislative activity include measures:
States are also addressing cyber threats through appropriations. Not all cybersecurity appropriations are listed here, although significant funding or funding for specific statewide mandates or state projects may be listed.
At least 35 states enacted bills in 2021 (indicated in boldface in list below); Louisiana and Virginia adopted resolutions providing for cybersecurity studies.
Other related security issues include election security (see NCSL's Elections database) and cybersecurity threats to the energy infrastructure and other critical infrastructure (see NCSL's Energy Program resources). Other NCSL resources address related topics such as security breach laws and legislation, privacy and other issues.
AK H.B. 3
Status: Pending–carryover
Relates to the definition of disaster.
AL S.B. 165
Status: Failed–adjourned
Public records, Alabama Public Records Act created, method of request for public records and manner of appeal, established, Office of Public Access Counselor, established, Sections 36-12-40, 36-12-41 repealed.
AL SJR 124
Status: Enacted
Recognizes Cybersecurity Awareness Month in October 2021.
AZ S.B. 1159
Status: Failed–adjourned
Relates to technical correction, relates to electromagnetic pulse preparedness.
AR S.B. 149
Status: Enacted
Amends the Fair Mortgage Lending Act. Provides that a mortgage broker, mortgage banker, or mortgage servicer required to be licensed shall establish, implement, update, and enforce written physical security and cybersecurity policies and procedures reasonably designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information.
AR E.O. 12
Creates the state Cyber Advisory Council.
CA A.B. 128
Status: Enacted
Makes appropriations for the support of state government for the 2021-22 fiscal year, including $2,000,000 to be used to establish and operate the Office of Elections Cybersecurity. Activities performed by the Office of Elections Cybersecurity are intended to be specific to elections and shall be designed so as to minimize overlap and in coordination with statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. Also appropriates up to $925,000 for the California Cybersecurity Integration Center. Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security. Appropriates $10,000,000 to address deferred maintenance projects that represent critical infrastructure deficiencies.
CA A.B. 327
Status: Pending (cybersecurity provisions below were amended out in current version)
Add the California Privacy Protection Agency as one of the organizations whose representatives comprise the California Cybersecurity Integration Center. Declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020.
CA A.B. 581
Status: Pending
Requires all state agencies, as generally defined, to review and implement specified National Institute of Standards and Technology (NIST) guidelines for, among other things, reporting, coordinating, publishing, and receiving information about a security vulnerability relating to information systems and the resolution thereof, no later than July 1, 2022.
CA A.B. 809
Status: Pending
Requires state agencies not covered by the policies and procedures issued by the Office of Information Security within the Department of Technology to adopt and implement information security and privacy policies, standards, and procedures based upon standards issued by the National Institute of Standards and Technology and the Federal Information Processing Standards.
CA A.B. 953
Status: Pending
Requires the Department of Fish and Wildlife to separately track and account for all revenues collected under the above filing fee provision and all costs incurred in its role as a responsible agency or trustee agency under the California Environmental Quality Act.
CA A.B. 1352
Status: Pending
Authorizes the Military Department, at the request of a local educational agency, to perform an independent security assessment of the local educational agency, or an individual schoolsite under its jurisdiction, the cost of which to be funded by the local educational agency, as specified.
CA A.B. 1403
Status: Pending
Relates to emergency services. Includes a deenergization event, defined as a planned power outage, as specified, within those conditions constituting a state of emergency and a local emergency.
CA S.B. 52
Status: Enacted
Expands the definition of sudden and severe energy shortage to include a deenergization event, defined as a planned power outage, as specified, and would make a deenergization event one of those conditions constituting a state of emergency and a local emergency.
CA S.B. 468
Status: Pending
Includes an electromagnetic pulse attack among those conditions constituting a state of emergency or local emergency.
CO H.B.1236
Status: Enacted
Concerns the modification of certain statutory provisions to reflect the current state information technology environment. Provides that the Colorado cybersecurity council may develop a whole-of-state cybersecurity approach for the state and for local governments, including the coordination and setting of strategic statewide cybersecurity goals, roadmaps, and best practices. The council also may review the need to conduct risk assessments of local government systems and providing additional cybersecurity services to local governments.
CT H.B. 5868
Status: Failed
Requires an online listing of all cyberattacks or data breaches in the state, establishes a central location that lists all cyberattacks or data breaches in the state.
CT H.B. 6161
Status: Failed
Creates a tax safe harbor for business entities adopting a recognizable best practice cybersecurity plan.
CT H.B. 6391
Status: Enacted
Concerns the Insurance Department's recommendations regarding the general statutes.
CT H.B. 6607
Status: Enacted
Incentivizes the adoption of cybersecurity standards for businesses by allowing businesses that adopt certain cybersecurity framework to plead an affirmative defense to any cause of action that alleges that a failure to implement reasonable cybersecurity controls resulted in a data breach concerning personal or restricted information.
CT S.B. 4
Status: Failed
Requires the Public Utilities Regulatory Authority to apply net neutrality principles to broadband Internet access service providers and enforce such principles with civil penalties, directs the authority to conduct studies on cybersecurity and data privacy laws in the state, extends the crime of stalking in the second degree to certain electronic disclosures of personal identifiable information without consent.
CT S.B. 719
Status: Failed
Establishes a task force to study and develop recommendations concerning protection from, and prevention of, cyber attacks.
CT S.B. 720
Status: Failed
Concerns data privacy, net neutrality, cyber security and fairness in data usage in the new age of a digital workforce, protects the economy and online learning from data breaches and limits on broadband usage.
FL H 971
Status: Failed
Relates to public records, relates to consumer data privacy, provides exemption from public records requirements for information relating to investigations by Department of Legal Affairs and law enforcement agencies of certain data privacy violations, provides for future review and repeal, provides statement of public necessity.
FL H.B. 1137
Status: Enacted
Relates to information technology procurement, requires Department of Management Services (DMS) to establish project management and oversight standards for state agency compliance and perform project oversight on it projects, requires department to issue request for quotes to vendors approved to provide commodities or services, requires Department of Management Services (DMS) to prequalify firms and individuals to provide services on state term contract.
FL H.B. 1297
Status: Enacted
Relates to cybersecurity, requires audit plans of inspector general to include certain information, revises provisions to replace references to it and computer security with references to cybersecurity, provides and revises requirements for Department of Management Services, acting through State Digital Service, creates State Cybersecurity Advisory Council within Department of Management Services, provides purpose of council.
FL H.B. 5001
Status: Failed
Relates to General Appropriations Act, provides moneys for annual period beginning specified date, and ending specified date, and supplemental appropriations for period ending specified date, to pay salaries and other expenses, capital outlay-buildings and other improvements, and for other specified purposes of various agencies of state government.
FL S.B. 1448
Status: Failed
Relates to Information Technology Procurement, requires the Department of Management Services, through the Florida Digital Service, to establish certain project management and oversight standards for state agency compliance, requiring the department to perform project oversight on information technology projects that have total project costs of a certain amount or more.
FL S.B. 1900
Status: Failed
Relates to cybersecurity, requires certain audit plans of an inspector general to include certain information, revises provisions to replace references to information technology security and computer security with references to cybersecurity, provides that certain employees shall be assigned to selected exempt service, creates the Florida Cybersecurity Advisory Council within the Department of Management Services.
FL S.B. 7064
Status: Failed
Relates to public records/investigations by the department of legal affairs; provides an exemption from public records requirements for information relating to investigations by the Department of Legal Affairs and law enforcement agencies of certain data privacy violations; provides for future legislative review and repeal of the exemption; provides a statement of public necessity.
FL S.B. 7074
Status: Enacted
Relates to public records or social media platform activities, provides a public records exemption for information received by the Attorney General pursuant to an investigation by the Attorney General or a law enforcement agency into certain social media platform activities, provides a public records exemption for information received by the Department of Legal Affairs pursuant to an investigation by the department.
GA H.B. 134
Status: Enacted
Relates to open and public meetings, so as to exclude meetings relating to cybersecurity contracting and planning from open meeting requirements, relates to inspection of public records, so as to provide an exemption for certain documents relating to cybersecurity plans and systems, provides for related matters, provides for an effective date, repeals conflicting laws.
GA H.B. 156
Status: Enacted
Relates to military, emergency management, and veterans affairs, so as to provide for additional powers and duties related to homeland security and the military, facilitates the sharing of information and reporting of cyber attacks, requires governmental agencies and utilities to report any cyber attacks to the director of emergency management and homeland security, provides for certain reports and records related to cyber attacks to be exempt from public disclosure, relates to workforce development.
GA H.B. 159
Status: Pending–carryover
Relates to military, emergency management, and veterans affairs, so as to establish the State Cybersecurity Review Board, provides for membership and duties of the board, provides for definitions, requires the board, in conjunction with the Georgia Technology Authority, to establish cybersecurity training for employees of all state agencies, provides for adverse employment action if such training is not completed.
GA H.B. 260
Status: Pending–carryover
Relates to selling and other trade practices, so as to provide for legislative findings, provides standards for cybersecurity programs to protect businesses from liability, provides for affirmative defenses for data breaches of private information, provides for related matters, provides for an effective date, repeals conflicting laws.
GA S.B. 52
Status: Pending–carryover
Relates to selling and other trade practices, so as to provide for legislative findings, provides standards for cybersecurity programs to protect businesses from liability, provides for affirmative defenses for data breaches of private information, provides for related matters, provides for an effective date, repeals conflicting laws.
HI H.B. 454
Status: Pending–carryover
Establishes an income tax credit for investment in qualified businesses that develop cybersecurity and artificial intelligence.
HI H.B. 739
Status: Pending–carryover
Requires manufacturers of connected devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices.
HI H.B. 946
Status: Pending–carryover
(Governor Bill Package) Adopts the national conference of insurance commissioners' insurance data security model law to establish insurance data security standards for state insurance licensees.
HI H.B. 957
Status: Pending–carryover
(Governor Bill Package) Establishes the Hawaii state fusion center as a program under the office of homeland security as described in chapter 128a, Hawaii Revised Statutes, establishes the position of Hawaii state fusion center director.
HI S.B. 1002
Status: Pending–carryover
Requires manufacturers of connected devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices.
HI S.B. 1100
Status: Enacted
(Governor Bill Package) Enacts the National Association of Insurance Commissioners' Insurance Data Security Model Law to establish insurance data security standards for Hawaii insurance licensees.
HI S.B. 1111
Status: Pending–carryover
(Governor Bill Package) Establishes the state fusion center as a program under the Office of Homeland Security, establishes the position of state state fusion center director who shall be state funded responsible to the Director of Homeland Security and accountable to manage the operations of the center.
IA D 1335
Status: Pending–carryover
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the commissioner of insurance, makes penalties applicable, includes effective date provisions.
IA H.B. 719
Status: Enacted
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.
IA H.B. 861
Status: Enacted
Relates to appropriations to the justice system, gambling regulatory fees, and creating a bureau of cyber-crime, establishing a department of corrections survivor benefits fund, and including effective date and retroactive applicability provisions.
IA HSB 198
Status: Pending–carryover
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.
IA S.B. 553
Status: Failed
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.
IA SSB 1190
Status: Pending–carryover
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.
ID H.B. 147
Status: Failed
Enacts the Insurance Data Security Act, establishes provisions regarding an information security program, provides for investigation and notice of a cybersecurity event, provides that the director of the department of insurance will have the power to examine and investigate certain matters, provides for confidentiality and sharing of documents, materials, and other information, provides exceptions, provides that the chapter does not create a private cause of action, provides for penalties.
IL H.B. 1588
Status: Pending
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.
IL H.B. 2869
Status: Pending
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act.
IL H.B. 3030
Status: Pending
Creates the Cybersecurity Compliance Act, creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, prescribes requirements for the cybersecurity program.
IL H.B. 3040
Status: Pending
Creates the Insurance Data Security Act, requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance Laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures.
IL H.B. 3204
Status: Pending
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.
IL H.B. 3523
Status: Enacted
Amends the Emergency Management Agency Act, expands the definition of disaster to include a cyber attack.
IL H.B. 3731
Status: Pending
Amends the Department of Innovation and Technology Act, requires the Department of Innovation and Technology to work to ensure the security of the social media and Internet presence of state elected officials and state agencies and, to the extent possible, reserve the use of State government online accounts, whether social media or email, for use only by state officials, state agencies, and employees thereof, to prevent false personation, provides for the adoption of rules, defines false personation.
IL H.B. 4074
Status: Pending
Creates the Consumers and Climate First Act, provides that it is the policy of the state to transition to 100% clean energy by 2050, amends the Governmental Ethics Act, expands the information required to be provided on a statement of economic interests to include employment by a public utility, amends the Enterprise Zone Act, expands, in provisions relating to High Impact Businesses, the definition of new electric generating facility to include a new utility scale solar power facility.
IL H.B. 4152
Status: Pending
Amends the School Code to require a school district to report a cyber security attack to the State Board of Education as soon as school personnel determine that a breach of the school district's computer system or network has occurred, amends various Acts relating to the governance of public universities and community colleges in Illinois to require a public university or community college district to report a cyber security attack to the Department of Innovation and Technology as soon as school person.
IL S.B. 350
Status: Pending
Amends the Freedom of Information Act, exempts from disclosure risk and vulnerability assessments, security measures, schedules, certifications, and response policies or plans that are designed to detect, defend against, prevent, or respond to potential cyber attacks upon the state's or an election authority's network systems, or records that the disclosure of which would, in any way, constitute a risk to the proper administration of elections or voter registration.
IL S.B. 825
Status: Enacted
Amends the Election Code, relates to cybersecurity, requires each election authority maintaining a website to begin utilizing a .gov website address and a .gov electronic mail address for each employee.
IL S.B. 2506
Status: Pending
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act.
IL S.B. 2896
Status: Pending
Creates the Consumers and Climate First Act, provides that it is the policy of the state to transition to 100% clean energy by 2050, amends the Governmental Ethics Act, expands the information required to be provided on a statement of economic interests to include employment by a public utility, amends the Enterprise Zone Act, expands, in provisions relating to High Impact Businesses, the definition of new electric generating facility to include a new utility scale solar power facility.
IN H.B. 1169
Status: Enacted
Relates to cybersecurity incidents, requires the office of technology to maintain a repository of cybersecurity incidents, provides that a state agency and a political subdivision shall report any cybersecurity incident to the office without unreasonable delay and not later than two business days after discovery of the cybersecurity incident in a format prescribed by the chief information officer, allows the office of technology to assist a state agency with certain issues concerning information technology.
KS H.B. 2292
Status: Pending–carryover
Creates exemptions in the Open Records Act for cyber security assessments, plans and vulnerabilities.
KS H.B. 2390
Status: Enacted
Makes permanent certain exceptions to the disclosure of public records under the Open Records Act.
KS S.B. 250
Status: Pending–carryover
Amends the state Cybersecurity Act, requires security training for all state agencies, provides for certain information to be provided to the Joint Committee on Information Technology.
LA H.B. 128
Status: Enacted
Provides relative to the powers and duties of the Cash Management Review Board with respect to financial security and cybersecurity plans and procedures adopted by state agencies, including the assessment and deployment of such plans and procedures.
LA H.B. 373
Status: Enacted
Establishes an exception to public records requirements for certain information by the Secretary of State.
LA H.B. 417
Status: Failed–adjourned
(Constitutional Amendment) Revises Article VII of the Constitution of Louisiana.
LA H.B. 508
Status: Failed–adjourned
Dedicates funds to the State Cybersecurity and Information Technology Fund.
LA H.B. 607
Status: Enacted
Directs the joint legislative committee on technology and cybersecurity to examine and consider potential regulatory structures for network installers and cybersecurity providers operating in the state.
LA HCR 108
Status: Adopted
Directs the Department of Economic Development to study and report on cyber-related issues.
LA S.B. 15
Status: Enacted
Relates to purchase of telecommunication and video equipment or services by all state agencies.
MA H.B. 107
Status: Pending
Regulates privacy and technology in education.
MA H.B. 122
Status: Pending
Relates to cyber procurement insurance.
MA H.B. 349
Status: Pending
Relates to the security of personal financial information.
MA H.B. 3132
Status: Pending
Establishes a task force to study the need for increased cyber security within government agencies.
MA H.B. 3133
Status: Pending
Relates to cybersecurity standards in state contracts or procurements.
MA S.B. 55
Status: Pending
Relates to cyber crime prevention in schools.
MA S.B. 2088
Status: Pending
Establishes a Cybersecurity Control and Review Commission.
MA HD 573
Status: Pending
Ensures cyber security in the Commonwealth.
MA HD 582
Status: Pending
Relates to cybersecurity standards in government procurements.
MA HD 2720
Status: Pending
Relates to cyber procurement insurance.
MA SD 399
Status: Pending
Establishes a Cybersecurity Control and Review Commission.
MA SD 2327
Status: Pending
Relates to cyber crime prevention in schools.
MA S.B. 51
Status: Pending
Creates an office of data protection, cybersecurity, and privacy.
MD H.B. 38
Status: Failed–adjourned
Relates to the Department of Information Technology.
MD H.B. 148
Status: Failed–adjourned
Relates to the Personal Information Protection Act.
MD H.B. 425
Status: Enacted
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility or a public school, prohibits a person from knowingly possessing certain ransomware with the intent to use the ransomware for purposes of introduction into a computer, network or system of another person, alters and establishes certain penalties, authorizes a victim of a certain offense to bring a civil action for damages against a certain person.
MD H.B. 587
Status: Failed–adjourned
Requires each unit of State government to submit a certain report related to information technology and cybersecurity to the Department of Information Technology on or before a certain date each year, establishes the required contents of certain reports, requires the Department to compile and analyze certain information and report to each unit of State government and the General Assembly certain information and recommendations by a certain date of each year.
MD H.B. 717
Status: Failed–adjourned
Provides for the target per pupil foundation amount in fiscal year 2022, requires each county board of education to use not less than 7% of the target per pupil foundation amount to provide certain technology resources to students, authorizes a local school system, at the end of each fiscal year, to hold unused funds in a special fund to be used in a subsequent fiscal year, requires a county board that allocates certain funding to follow certain information technology security standards.
MD H.B. 824
Status: Failed–adjourned
Requires the State Department of Education, the Behavioral Health Administration within the Maryland Department of Health, the Maryland Center for School Safety, and the Department of Information Technology jointly to develop and publish a cyber safety guide and training course on safe Internet, social media, and technology usage for certain students, parents, and school employees to be implemented beginning in the 2022-2023 school year, requires the guide to be posted on certain websites.
MD H.B. 879
Status: Failed–adjourned
Establishes the Cybersecurity Coordination and Operations Office within the Maryland Emergency Management Agency to help improve statewide cybersecurity readiness and response, requires the Director of MEMA to appoint an Executive Director as head of the Office, requires the Office to be provided with sufficient staff to perform the Office's functions.
MD H.B. 1129
Status: Failed–adjourned
Requires the Department of Information Technology, in coordination with the Maryland Cybersecurity Council, to develop criteria for the certification of certain cybersecurity training programs for use by State and local government employees required to complete cybersecurity training each year, certify at least 20 programs, review and update certain certification standards at certain times, and maintain a list of all certified programs on its website.
MD H.B. 1306
Status: Failed–adjourned
Alters the duties of the Maryland Cybersecurity Council to include monitoring and evaluating certain election security measures and high-speed Internet access in the State, requires the Council to make recommendations concerning any legislative changes considered necessary by the Council to address election security and high-speed Internet access.
MD S.B. 49
Status: Enacted
Relates to cybersecurity. Requires the Secretary of Information Technology to advise and oversee a consistent cybersecurity strategy for certain units of state government. Requires the Secretary to advise and consult with the Legislative and Judicial branches of state government regarding a cybersecurity strategy. Requires the Secretary to develop guidance on consistent cybersecurity strategies for certain political subdivisions of the state.
MD S.B. 69
Status: Failed–adjourned
Relates to the emergency management agency.
MD S.B. 112
Status: Failed–adjourned
Relates to the Personal Information Protection Act.
MD S.B. 160
Status: Enacted
Relates to the Cybersecurity Investment Incentive Tax Credit Program.
MD S.B. 231
Status: Failed–adjourned
Relates to cyber safety guide and training course.
MD S.B. 348
Status: Failed
Relates to information technology.
MD S.B. 351
Status: Failed–adjourned
Relates to protection of information.
MD S.B. 623
Status: Enacted
Prohibits a person from committing a certain prohibited act with the intent to interrupt or impair the functioning of a health care facility or a public school, prohibits a person from knowingly possessing certain ransomware with the intent to use the ransomware to restrict access by authorized persons and demanding payment to remove the ransomware, authorizes a victim of a certain offense to bring a civil action for damages against a certain person.
MD S.B. 734
Status: Failed–adjourned
Requires the Department of Information Technology to issue certain standards and guidelines for units of State government for the appropriate use and management of certain Internet of Things devices under certain circumstances, requires the Department to review and revise its standards and guidelines at least once every 5 years to ensure that they are at least as comprehensive as the standards and guidelines adopted by the Director of NIST.
MD S.B. 770
Status: Failed–adjourned
Provides for the target per pupil foundation amount in fiscal year 2022, requires each county board of education to use not less than 7% of the target per pupil foundation amount to provide certain technology resources to students, authorizes a local school system, at the end of each fiscal year, to hold unused funds in a special fund to be used in a subsequent fiscal year, requires a county board that allocates certain funding to follow certain information technology security standards.
MD S.B. 873
Status: Failed–adjourned
Requires the Department of Information Technology, in coordination with the Maryland Cybersecurity Council, to develop criteria for the certification of certain cybersecurity training programs for use by State and local government employees required to complete cybersecurity training each year, certify at least 20 programs, review and update certain certification standards at certain times, and maintain a list of all certified programs on its website.
MD S.B. 902
Status: Failed–adjourned
Establishes the Cyber Workforce Program in the Partnership for Workforce Quality Program, provides for the purpose of the Cyber Program, requires the Secretary of Commerce to direct the Cyber Program, requires the Secretary to establish certain criteria and priorities for assistance under the Cyber Program, requires the Secretary to submit a certain report on the operation and performance of the Cyber Program.
MD S.B. 917
Status: Failed–adjourned
Requires each unit of State government and certain local agencies to submit a certain report related to information technology and cybersecurity to the Department of Information Technology on or before September 1 each year, establishes the required contents of certain reports, requires the Department to compile and analyze certain information and report to each unit of State government and the General Assembly certain information and recommendations by December 31 each year.
MD S.B. 943
Status: Enacted
Relates to University of Maryland Strategic Partnership Act of 2016.
ME H.B. 17
Status: Enacted
Enacts the Maine Insurance Data Security Act, establishes standards for information security programs based on ongoing risk assessment for protecting consumers' personal information, establishes requirements for the investigation of and notification to the Superintendent of Insurance regarding cybersecurity events.
ME H.B. 672
Status: Enacted
Protects data privacy and security in elections, proposes to protect data privacy and security in elections.
ME LR 114
Status: Pending
Enacts the Maine Insurance Data Security Act.
ME LR 1607
Status: Pending
Protects data privacy and security in elections.
ME S.B. 577 a
Status: Enacted
Provides allocations for the distribution of state fiscal recovery funds. Provides funding to tackle the highest-risk areas identified by an external program review, including formalizing a business continuity plan for the State's information technology and setting a framework for providing leadership to state agencies in business continuity planning. This one-time funding for cybersecurity will augment the proposed General Fund appropriation request and provide the resources needed to tackle some of the highest-risk areas, including business continuity planning and workforce enhancements. Provides funding to support and maintain the State's cybersecurity program and investments.
ME E.O. 3
Establishes the state of Maine Cybersecurity Advisory Council.
MI H.B. 5036
Status: Pending
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website to House Communications and Technology Committee.
MI S.B. 520
Status: Pending
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website.
MI S.B. 672
Status: Pending
Provides for an affirmative defense for covered entities with cybersecurity programs under certain circumstances.
MN H.B. 6
Status: Enacted
(Special session) Relates to commerce, establishes a biennial budget for Department of Commerce, Public Utilities Commission, and energy activities, modifies various provisions governing insurance, modifies provisions governing collections agencies and debt Buyers, modifies and adds consumer protections, establishes and modifies provisions governing energy, renewable energy, and utility regulation, provides for certain salary increases, makes technical changes, establishes penalties, requires reports, appropriates money.
MN S.B. 19
Status: Failed–adjourned
(Special session)Relates to commerce, establishes a biennial budget for Department of Commerce, Public Utilities Commission, and energy activities, modifies various provisions governing insurance, modifies provisions governing collections agencies and debt Buyers, modifies and adds consumer protections, establishes and modifies provisions governing energy, renewable energy, and utility regulation, provides for certain salary increases, makes technical changes, establishes penalties, requires reports, appropriates money.
MN H.B. 66
Status: Pending–carryover
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments.
MN H.B. 1031
Status: Failed
Relates to commerce, establishes a biennial budget for Department of Commerce and energy activities, modifies various provisions governing and administered by the Department of Commerce, establishes a prescription drug affordability board and related regulations, modifies various provisions governing insurance.
MN H.B. 1913
Status: Pending–carryover
Relates to insurance, establishes an Insurance Data Security Law.
MN S.B. 972
Status: Pending–carryover
Relates to commerce, establishes a biennial budget for Department of Commerce and energy activities, modifies various provisions governing and administered by the Department of Commerce, establishes a prescription drug affordability board and related regulations, modifies various provisions governing insurance, establishes a student loan borrower bill of rights, modifies and adding consumer protections, modifies provisions governing collections agencies and debt buyers.
MN S.B. 1174
Status: Pending–carryover
Relates to state government, establishes a Legislative Commission on Cybersecurity, provides legislative appointments, proposes coding for new law.
MN S.B. 1606
Status: Failed
Relates to insurance, establishes an Insurance Data Security Law.
MN S.B. 1846
Status: Pending–carryover
Relates to commerce, modifies various provisions governing or administered by the Department of Commerce, modifies allowance of reinsurance credit, establishes an insurance data security law, makes technical changes.
MO H.B. 1204
Status: Failed–adjourned
Establishes the Missouri Cybersecurity Commission.
MO S.B. 49
Status: Enacted
Relates to public safety, modifies provisions relating to licensure as a boat dealer, modifies provisions relating to certain vessel registration and fees, adds restrictions for certain vessel anchorage at docks, provides a penalty, establishes the Missouri Cybersecurity Commission within the Department of Public Safety.
MO S.B. 674
Status: Pending
Relates to grants to employers for the purpose of enhancing cybersecurity.
MS H.B. 633
Status: Enacted
Creates the Mississippi Computer Science and Cyber Education Equality Act, authorizes and directs the Mississippi Department of Education to implement a mandatory k 12 computer science curriculum based on the Mississippi College and Career Readiness Standards for computer science, which includes instruction in, but not limited to, computational thinking, cyber related, programming, cyber security, data science, robotics and other computer science and cyber related content.
MS S.B. 2678
Status: Failed
Creates the Mississippi Computer Science and Cyber Education Equality Act, authorizes and directs the Mississippi Department of Education to implement a mandatory K 12 computer science curriculum based on the state college and career readiness standards for computer science which includes instruction in, but not limited to, computational thinking, computer programming, cyber security, data science, robotics and other computer science and cyber related content.
MS E.O. 1
Creates a Task Force on State Cybersecurity, directs the Task Force to develop recommendations and proposals to identify vulnerabilities of systems, staffing, training and technologies with state agencies.
MT H.B. 10
Status: Enacted
Revises laws related to Information Technology Capital Projects, appropriates money for Information Technology Capital Projects for the biennium ending a specified date, provides for matters relating to the appropriations, provides for a transfer of funds from the general fund to the Long-Range Information Technology Program Account, provides for the development and acquisition of new information technology systems for the specified agencies.
MT H.B. 530
Status: Enacted
Requires the Secretary of State to adopt rules defining and governing election security; requires election security assessments by the Secretary of State and county election administrations; establishes that security assessments are confidential information; establishes reporting requirements; directs the Secretary of State to adopt rules prohibiting certain persons from receiving pecuniary benefits with respect to certain ballot activities; provides for penaltieS.
MT H.B. 614
Status: Enacted
Revises the workforce development provisions of the Health and Economic Livelihood Partnership act, establishes allowable uses of workforce development funding, requires contracting for training and education programs, extends rulemaking authority.
MT E.O. 13
Continues the Montana Information Security Advisory Council.
NV BDR 63
Status: Failed–adjourned
Revises provisions relating to cyber security.
NH H.B. 137
Status: Failed
Exempts certain statewide standards and protocols relative to information technology, networks, telephony, and cyber security developed by the department of information technology from a specified rulemaking.
NH H.B. 425
Status: Enacted
Establishes certain technical committees and a cybersecurity advisory committee in the Department of Information Technology.
NH H.B. 487
Status: Failed
Establishes an information technology supply chain risk authority.
NH H.B. 1277
Status: Pending
Defines cybersecurity incident and requires that political subdivisions report such incidents to the department of information technology.
NH LSR 546
Status: Pending
Establishes the position of chief information security officer and deputy chief information security officer in the department of information technology.
NH LSR 643
Status: Failed
Relates to cyber security incident reporting and recommended cyber security standards for political subdivisions.
NJ A.B. 442
Status: Pending
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.
NJ A.B. 1378
Status: Pending
Directs New Jersey Cyber security and Communications Integration Cell to develop cyber security prevention best practices and awareness materials for consumers in this state.
NJ A.B. 1396
Status: Pending
Concerns information security standards and guidelines for state and local government.
NJ A.B. 1654
Status: Pending
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.
NJ A.B. 2083
Status: Pending
Establishes the crime of cyber interference, defined as tampering or interfering with any software, computer, cell phone, or any other electronic device, with the purpose to harass another.
NJ A.B. 2852
Status: Pending
Directs state Cybersecurity and Communications Integration Cell, Office of Information Technology, and state Big Data Alliance to develop advanced cyberinfrastucture strategic plan.
NJ A.B. 3308
Status: Pending
Clarifies the crime of unlawful access concerning certain password protected communications in electronic storage.
NJ A.B. 3684
Status: Pending
Requires state employees to receive best cybersecurity practices.
NJ A.B. 3834
Status: Pending
Concerns debarment of contractors for conviction of certain computer-related crimes.
NJ A.B. 3984
Status: Pending
Creates affirmative defense for certain breaches of security.
NJ A.B. 4825
Status: Pending
Revises cybersecurity, asset management, and related reporting requirements in Water Quality Accountability Act.
NJ A.B. 6018
Status: Pending
Requires each principal department in Executive Branch and each State college to conduct review of department's or college's cybersecurity infrastructure and make recommendations.
NJ A.B. 6098
Status: Pending
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents.
NJ A.B. 6101
Status: Pending
Establishes cybersecurity employment grant program for qualified businesses.
NJ A.B. 6102
Status: Pending
Requires businesses in financial, essential infrastructure, and health care industries to develop cybersecurity plans.
NJ A.B. 6103
Status: Pending
Requires instruction on cybersecurity in grades nine through 12, requires Office of Secretary of Higher Education to develop cybersecurity model curricula, establishes loan redemption programs for individuals in certain cybersecurity occupations.
NJ A.B. 6104
Status: Pending
Requires municipalities, counties, and school districts to report cybersecurity incidents.
NJ A.B. 6178
Status: Pending
Requires public agencies report cybersecurity incidents to New Jersey Office of Homeland Security and Preparedness.
NJ AJR 40
Status: Pending
Urges Secretary of State to assure Legislature and public that State's electoral system is protected from foreign computer hackers.
NJ AJR 66
Status: Pending
Establishes Technology Task Force.
NJ AJR 153
Status: Pending
Designates October of each year as Cyber Security Awareness Month.
NJ AJR 248
Status: Pending
Establishes state Cybersecurity Task Force.
NJ S.B. 343
Status: Pending
Directs the state Cybersecurity and Communications Integration Cell, Office of Information Technology, and the state Big Data Alliance to develop an advanced cyberinfrastucture strategic plan.
NJ S.B. 647
Status: Enacted
Revises cybersecurity, asset management, and related reporting requirements in Water Quality Accountability Act.
NJ S.B. 1233
Status: Pending
Requires certain persons and business entities to maintain comprehensive information security program.
NJ S.B. 1619
Status: Pending
Clarifies crime of unlawful access concerning certain password protected communications in electronic storage.
NJ S.B. 2155
Status: Pending
Requires Economic Development Authority to establish program offering low interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure.
NJ S.B. 3062
Status: Pending
Creates affirmative defense for certain breaches of security.
NJ S.B. 3325
Status: Pending
Establishes the New Jersey Information Technology Commission.
NJ S.B. 3897
Status: Pending
Requires each principal department in Executive Branch and each State college to conduct review of department's or college's cybersecurity infrastructure and make recommendations.
NJ S.B. 4035
Status: Pending
Requires businesses in financial, essential infrastructure, and health care industries to develop cybersecurity plans.
NJ S.B. 4036
Status: Pending
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents.
NJ S.B. 4037
Status: Pending
Requires municipalities, counties, and school districts to report cybersecurity incidents.
NJ S.B. 4038
Status: Pending
Establishes cybersecurity employment grant program for qualified businesses.
NJ S.B. 4039
Status: Pending
Requires instruction on cybersecurity in grades nine through 12, requires Office of Secretary of Higher Education to develop cybersecurity model curricula, establishes loan redemption programs for individuals in certain cybersecurity occupations.
NJ S.B. 4278
Status: Pending
Requires public agencies report cybersecurity incidents to State Office of Homeland Security and Preparedness.
NJ SJR 127
Status: Pending
Establishes State Cybersecurity Task Force.
NM H.B. 70
Status: Failed–adjourned
Relates to domestic terrorism, defines "denial of service attack", defines "school", "community center", "place of worship" and "public accommodation", creates the crimes of terrorism, cyberterrorism, possessing a terroristic weapon and making a terroristic threat, provides penalties, provides for concurrent jurisdiction of crimes under the antiterrorism act, requires information sharing and reporting.
NY A.B. 535
Status: Pending
Enacts the New York Grid Modernization Act to address the aging infrastructure, establishes the grid modernization program, defines terms, creates the smart grid advisory council, makes related changes. Provides for cyber security systems to protect customer financial information and data relating to personal electrical usage.
NY A.B. 749
Status: Pending
Authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self-certified and approved by the superintendent.
NY A.B. 3847
Status: Pending
Establishes the crime of disruption of an online public meeting when a person with intent to cause public inconvenience, annoyance or alarm, without lawful authority, and acting through a computer service, he or she disturbs any lawful assembly or meeting of persons open to the public conducted through a computer service, makes such crime a class B misdemeanor.
NY A.B. 3900
Status: Pending
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state.
NY A.B. 4490
Status: Pending
Enacts the "computer spyware protection act", prohibits the installation, transmission and use of computer software that collects personally identifiable information, authorizes the Attorney General to bring a civil action against any person who violates any provision of this section, seeks damages ranging from one thousand dollars to one million dollars.
NY A.B. 4567
Status: Pending
Establishes the School District Cyber Crime Prevention Services Program to provide school districts with information on strategies, best practices and programs offering training and assistance in the prevention of cyber crimes in school districts or otherwise affecting school districts, provides further that information on eligibility and applications for financial assistance be made available to school districts.
NY A.B. 4581
Status: Pending
Establishes the misdemeanor of interfering in the election process by electronic means.
NY A.B. 4640
Status: Pending
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.
NY A.B. 4892
Status: Pending
Creates the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony.
NY A.B. 6984
Status: Pending
Establishes civilian cyber security reserve Forces within the New York state militia to be capable of being expanded and trained to educate and protect state, county, and local government entities, critical infrastructure, including election systems, businesses and citizens of the state from cyber attacks, makes related provisions.
NY A.B. 7983
Status: Pending
Relates to computer-related crimes. Creates the crimes of unlawful disruption of computer services in the first and second degree, unlawful computer access assistance in the first and second degree, unauthorized use of internet domain name or profile, and unlawful introduction of a computer contaminant, allows for a civil action for compensatory damages for victims of such crimes.
NY S.B. 118
Status: Pending
Establishes the misdemeanor of interfering in the election process by electronic means.
NY S.B. 348
Status: Pending
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.
NY S.B. 349
Status: Pending
Establishes the school district cyber crime prevention services program.
NY S.B. 2087
Status: Pending
Amends the Tax Law, relates to a business tax credit for purchase of data breach insurance.
NY S.B. 2652
Status: Pending
Amends the State Technology Law, requires governmental entities to implement multifactor authentication for local and remote network access.
NY S.B. 3213
Status: Pending
Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology Cybersecurity Framework.
NY S.B. 5186
Status: Pending
Relates to computer-related crimes, creates the crimes of unlawful disruption of computer services in the first and second degree, unlawful computer access assistance in the first and second degree, unauthorized use of internet domain name or profile, and unlawful introduction of a computer contaminant, allows for a civil action for compensatory damages for victims of such crimes.
NY S.B. 5410
Status: Pending
Elevates all computer tampering offenses by one degree in severity.
NY S.B. 6068
Status: Pending
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state.
NY S.B. 6154
Status: Pending
Creates a Cyber Security Enhancement Fund to be used for the purpose of upgrading cyber security in local governments, including but not limited to, villages, towns and cities with a population of one million or less, restricts the use of taxpayer moneys in paying ransoms in response to ransomware attacks.
NY S.B. 6806
Status: Pending
Prohibits governmental entities, business entities and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack.
NY S.B. 7312
Status: Pending
Enacts the "Critical Infrastructure Standards and Procedures (CRISP) Act."
NC H.B. 813
Status: Pending
Prohibits any state agency, unit of local government, or public authority from paying a ransom in connection with a cybersecurity incident and clarifies the reporting of cybersecurity incidents to the department of information technology.
NC S.B. 621
Status: Pending
Appropriates additional funds to support a dedicated North Carolina Defense Cyber Office in the NC Military Business Center.
NC S.B. 105
Status: Enacted
Prohibits state agencies or local government entities from submitting payment or otherwise communicating with an entity that us making a ransomware demand. Makes base budget appropriations for current operations of state agencies, departments, and institutions. (art. 84)
ND D 198
Status: Failed–adjourned
Relates to cybersecurity incident reporting requirements.
ND H.B. 1064
Status: Failed
Relates to the powers and duties of the information technology department.
ND H.B. 1314
Status: Enacted
Relates to cybersecurity incident reporting requirements.
ND H.B. 1417
Status: Enacted
Relates to the Powers and duties of the information technology department.
ND S.B. 2075
Status: Enacted
Relates to third party software access to insurance policy information.
OH H.B. 116
Status: Pending
Enacts the Computer Crimes Act.
OH H.B. 230
Status: Pending
Regards the state's information technology systems and shared services, makes an appropriation. Creates a biannual advisory committee on state information and technology and a cybersecurity and fraud advisory board to examine and make recommendations on the state's information technology systems and services, including cybersecurity.
OH H.B. 432
Status: Pending
Amends section 1347.12, enacts section 125.184 of the Revised Code regarding data breaches on state agency computer systems. Requires the state chief information officer to conduct an examination of each state agency to assess the risk of a breach of the security of the system of that state agency.
OK H.B. 1759
Status: Enacted
Relates to crimes and punishments, relates to the Oklahoma Computer Crimes Act, modifies definition, defines term, expands scope of certain prohibited acts, makes certain acts unlawful, provides construing provision, provides an effective date.
OR S.B. 293
Status: To Governor
Directs office of State Chief Information Officer to develop recommendations related to elevating consideration of privacy, confidentiality and data security measures in state government enterprise and shared information technology services, and to submit recommendations in report to certain interim committees of Legislative Assembly by specified date.
PA H.B. 40
Status: Pending
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the joint cybersecurity oversight committee, imposes duties on the office of information technology, provides for administration of statewide radio network, imposes penalties.
PA S.B. 482
Status: Pending
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee, imposes duties on the Office of Information Technology, provides for administration of Statewide Radio Network, imposes penalties.
PA H.B. 1362
Status: Pending
Provides for Cybersecurity Coordination Board.
PA H.B. 1397
Status: Pending
Amends the Public Utility Confidential Security Information Disclosure Protection Act, provides for procedures for submitting, challenging and protecting confidential security information, for applicability to other law and for prohibition.
PA S.B. 597
Status: Pending
Provides for water and wastewater asset management plans. Relates to the development of cybersecurity system plans.
PA S.B. 696
Status: Pending
Prohibits employees of the Commonwealth from using nonsecured Internet connections, provides for Commonwealth policy and for entities subject to the Health Insurance Portability and Accountability Act.
PA S.B. 726
Status: Pending
Provides for the offense of ransomware, imposes duties on the Office of Administration.
RI H.B. 5200
Status: Pending
Adopts the National Association of Insurance Commissioners Cybersecurity Act which establishes the current cybersecurity standard for insurers doing business in this state.
RI H.B. 6042
Status: Pending
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.
RI S.B. 340
Status: Pending
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features.
RI S.B. 835
Status: Pending
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.
TN H.B. 766
Status: Enacted
Establishes the exclusive standards for data security, licensees' investigations of cybersecurity events, and licensees' notification of cybersecurity events to the commissioner and affected consumers; provides that a licensee is a person, as defined, and does not include a purchasing group or risk retention group chartered and licensed in another state or a person acting as an assuming insurer and domiciled in another state or jurisdiction.
TN H.B. 925
Status: Enacted
Requires the state-level safety team to include cybersecurity policies and procedures in the template safety plan that Local Education Agencies must adopt as part of their comprehensive district-wide and building-level school safety plans.
TN S.B. 725
Status: Pending–carryover–substituted on Senate floor by H 766
Establishes the exclusive standards for data security, licensees' investigations of cybersecurity events, and licensees' notification of cybersecurity events to the commissioner and affected consumers; provides that a licensee is a person, as defined, and does not include a purchasing group or risk retention group chartered and licensed in another state or a person acting as an assuming insurer and domiciled in another state or jurisdiction.
TN S.B. 1211
Status: Enacted
Clarifies that wireless communication includes text messages sent and received on smart devices for purposes of the Anti-Phishing Act.
TN S.B. 1425
Status: Pending–carryover
Requires the state-level safety team to include cybersecurity policies and procedures in the template safety plan that Local Education Agencies must adopt as part of their comprehensive district-wide and building-level school safety plans.
TX H.B. 2
Status: Enacted
Relates to making supplemental appropriations and reductions in appropriations and giving direction and adjustment authority regarding appropriations.
TX H.B. 244
Status: Failed -adjourned
Relates to the establishment of a grant program for promoting computer science certification and professional development in coding, technology applications, and computer science for public school teachers.
TX H.B. 307
Status: Failed
(Special session 1) Relates to state agency and local government security incident procedures.
TX H.B. 1118
Status: Enacted
Relates to state agency and local government compliance with cybersecurity training requirements.
TX H.B. 1180
Status: Failed–adjourned
Relates to the creation of the Fiscal Risk Management Commission.
TX H.B. 2065
Status: Failed–adjourned
Relates to the composition of the cybersecurity council.
TX H.B. 2066
Status: Failed–adjourned
Relates to emergency management for cybersecurity events threatening this state.
TX H.B. 2160
Status: Failed–adjourned
Relates to requiring the Department of Information Resources to conduct a study concerning the cybersecurity of small businesses.
TX H.B. 3298
Status: Failed–adjourned
Relates to computer science and technology applications in public schools, including the essential knowledge and skills of the technology applications curriculum, the establishment of a computer science strategic advisory committee, and the establishment of a computer science and technology applications professional development grant program for public school teachers.
TX H.B. 3390
Status: Enacted
Relates to the purchase of cybersecurity insurance coverage by the State Department of Transportation.
TX H.B. 3743
Status: Failed–adjourned
Relates to cybersecurity and privacy regarding distance learning in public schools and prohibiting ransomware payments by certain governmental entities.
TX H.B. 3791
Status: Failed–adjourned
Relates to the Powers and duties of the State Electric Grid Security and Emergency Preparedness Advisory Council.
TX H.B. 3792
Status: Failed–adjourned
Relates to protecting the population of the state, its environment, and its most vulnerable communities, promoting the resilience of the electric grid and certain municipalities.
TX H.B. 3892
Status: Failed–adjourned
Relates to matters concerning governmental entities, including cybersecurity, governmental efficiencies, information resources, and emergency planning.
TX H.B. 4018
Status: Enacted
relates to legislative oversight and funding of improvement and modernization projects for state agency information resource
TX H.B. 4071
Status: Failed–adjourned
Relates to the requirements for the purchase of endpoint devices by a state agency.
TX H.B. 4196
Status: Failed–adjourned
Relates to the development by the Public Utility Commission of the state of physical security and cybersecurity practices for certain utilities.
TX H.B. 4256
Status: Failed–adjourned
Relates to the duties and oversight of the Department of Public Safety's office of inspector general regarding the use of cyber technology and activity.
TX H.B. 4395
Status: Failed–adjourned
Relates to state and local governments requirements to report security incidents to the Department of Information Resources.
TX H.B. 4397
Status: Failed–adjourned
Relates to a cybersecurity monitor for certain electric utilities.
TX S.B. 345
Status: Failed–adjourned
Relates to state agency and local government compliance with cybersecurity training requirements.
TX S.B. 475
Status: Enacted
Relates to state agency and local government information security, including establishment of the state risk and authorization management program and the State volunteer incident response team, authorizes fees.
TX S.B. 851
Status: Enacted
Relates to the composition of the cybersecurity council.
TX S.B. 1367
Status: Enacted
Relates to the regulation of commercial property and casualty insurance and insurance for certain large risks.
TX S.B. 1606
Status: Failed–adjourned
Relates to protecting the population of the state, its environment, and its most vulnerable communities, promoting the resilience of the electric grid and certain municipalities.
TX S.B. 1696
Status: Enacted
Relates to establishing a system for the sharing of information regarding cyber attacks or other cybersecurity incidents occurring in schools in this state.
TX S.B. 1908
Status: Failed–adjourned
Relates to the purchase of cybersecurity insurance coverage by the State Department of Transportation.
TX S.B. 2116
Status: Enacted
Relates to prohibiting contracts or other agreements with certain foreign-owned companies in connection with critical infrastructure in this state.
TX S.B. 2134
Status: Failed–adjourned
Relates to certain standardization in cybersecurity degree programs offered by public institutions of higher education.
TX S.B. 2135
Status: Failed–adjourned
Relates to pathways to assist students in transitioning from high school to postsecondary education in cybersecurity.
TX S.B. 2231
Status: Failed–adjourned
Relates to the resilience of the electric grid and certain municipalities.
TX H.B. 145
Status: Failed–adjourned
(Special session 1) Relates to emergency management for cybersecurity events threatening this state.
TX H.B. 307
Status: Failed–adjourned
(Special session 1) Relates to state agency and local government security incident procedures.
TX S.B. 28
Status: Failed–adjourned
(Special session 1) Relates to the resilience of the electric grid and certain municipalities.
TX H.B. 202
Status: Failed–adjourned
(Special session 2) Relates to emergency management for cybersecurity events threatening this state.
TX S.B. 1
Status: Enacted
(Special session 2) Relates to election integrity and security, including by preventing fraud in the conduct of elections in this state, increases criminal penalties, creates criminal offenses, provides civil penalties.
TX S.B. 28
Status: Failed–adjourned
(Special session 2) Relates to the resilience of the electric grid and certain municipalities.
UT H.B. 80
Status: Enacted
Creates affirmative defenses to certain causes of action arising out of a breach of system security.
VA H.B. 30
Status: Enacted
Relates to the Budget Bill, provides for all appropriations of the Budget submitted by the Governor, provides a portion of revenues for upcoming biennium.
VA H.B. 322
Status: Failed – adjourned
Relates to Virginia Information Technologies Agency, relates to Cybersecurity Advisory Council created, relates to report, creates the Cybersecurity Advisory Council to assist the Chief Information Officer (CIO) of the Virginia Information Technologies Agency with the development of policies, standards, and guidelines for assessing security risks, determining appropriate security measures, and performing security audits of government electronic information, provides that make recommendations to the CIO.
VA H.B. 524
Status: Failed
Relates to the register of volunteer cybersecurity and information technology professionals, directs the Secretary of Administration to establish a register of cybersecurity and information technology professionals interested in volunteering to assist localities and school divisions, in collaborating on workforce development, and in providing mentorship opportunities.
VA H.B. 852
Status: Enacted
Relates to the Information Technologies Agency, requires the Chief Information Officer of the Information Technologies Agency to develop and annually update a curriculum and materials for training all state employees in information security awareness and in proper procedures for detecting, assessing, reporting, and addressing information security threats.
VA H.B. 957
Status: Failed
Relates to Virginia Cyber Initiative Act, directs the Virginia Information Technologies Agency to work with public and private institutions of higher education, state agencies, and businesses in the Commonwealth to develop a cyber alliance, to be known as the Virginia Cyber Initiative, to reduce cyber risks and encourage economic development in the cybersecurity field.
VA H.B. 1082
Status: Enacted
Amends the Emergency Services and Disaster Law, defines cyber incident for purposes of the Law as an event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, and physical or virtual infrastructure controlled by computers or information systems., makes technical corrections.
VA H.B. 1334
Status: Enacted
Establishes standards for insurance data security, for the investigation of a cybersecurity event, and for the notification to the Commissioner of Insurance and affected consumers of a cybersecurity event, requires insurers to develop, implement, and maintain a comprehensive written information security program based on an assessment of its risk that contains administrative, technical, and physical safeguards.
VA H.B. 1800
Status: Enacted
Relates to Budget Bill, amends the 2020 Special Session I Acts of Assembly. Includes funds to implement a training curriculum for state employees on best practices for cyber security.
VA HJR 23
Status: Failed
Relates to study, relates to Department of Elections, relates to use of blockchain technology to protect voter records and election results, relates to report, requests the Department of Elections to conduct a study to determine the kinds of blockchain technology that could be used to secure voter records and election results, determine the costs and benefits of using such technology as compared to traditional registration and election security measures, and make recommendations.
VA HJR 64
Status: Adopted
Requests the Information Technologies Agency to study the Commonwealth's susceptibility, preparedness, and ability to respond to ransomware attacks, provides that in conducting its study, the Agency shall assess the Commonwealth's susceptibility to ransomware attacks at the state and local levels of government.
VA S.B. 378
Status: Enacted
Relates to computer trespass, relates to penalty, expands the crime of computer trespass to provide that the prohibited actions that constitute computer trespass are criminalized if done through intentionally deceptive means and without authority, specifies that a computer hardware or software provider, an interactive computer service, or a telecommunications or cable operator does not have to provide notice of its activities to a computer user that a reasonable computer user should expect may occur.
VA S.B. 641
Status: Failed – adjourned
Relates to civil action, relates to sale of personal data, requires a person that disseminates, obtains, maintains, or collects personal data about a consumer for a fee to implement security practices to protect the confidentiality of a consumer's personal data, obtain express consent of a parent of a minor before selling the personal data of such minor, provide access to consumers to their own personal data that is held by the entity, and refrain from maintaining or selling data.
VA S.B. 1003
Status: Enacted
Relates to computer crimes, provides that any person, who, without the intent to receive any direct or indirect benefit, maliciously sends an electronically transmitted communication containing a false representation intended to cause another person to spend money, and such false representation causes such person to spend money, is guilty of a Class 1 misdemeanor.
VT H.B. 274
Status: Pending–carryover
Relates to consumer protection and collection of consumer information.
VT H.B. 304
Status: Pending–carryover
Relates to creating the crime of extortion by introducing ransomware.
VT H.B. 431
Status: Enacted
Relates to miscellaneous energy subjects. Provides that records relating to a regulated utility's cybersecurity program, assessments, and plans, including all reports, summaries, compilations, analyses, notes, or other cybersecurity information are not public records.
VT H.B. 439
Status: Enacted
Makes appropriations in support of government for the fiscal year. Provides that the Secretary shall prepare and submit a strategic plan for information technology and cybersecurity, concurrent with the Governor's annual budget request required under 32 V.S.A. Section 306. Provides funding to the Agency of Digital Services cybersecurity – core infrastructure replacement and router replacements for public safety connections to the municipalities.
WA H.B. 1068
Status: Enacted
Exempts election security information from public records disclosure.
WA H.B. 1190
Status: Pending – carryover
Fosters economic growth in Washington by supporting emerging businesses in the new space economy.
WA S.B. 5092
Status: Enacted
Makes 2021-2023 fiscal biennium operating appropriations.
WA S.B. 5432
Status: Enacted
Concerns cybersecurity and data sharing in Washington state government.
WI A.B. 147
Status: Pending
Imposes requirements related to insurance data cybersecurity, grants rule making authority.
WI S.B. 160
Status: Enacted
Imposes requirements related to insurance data cybersecurity, grants rule making authority.
WV H.B. 2763
Status: Enacted
Creates cyber incident reporting.
WV H.B. 2925
Status: Failed – adjourned
Relates to data disposal protection.
WY S.B. 132
Status: Failed
Relates to the legislature, requires the joint corporations, elections and political subdivisions interim committee to study emergency preparedness and energy distribution in the event of a disruption of federal government operations, requires a report, provides for an effective date.
PR HR 468
Status: Pending
Orders the House Committee on Finance and Budget to carry out an investigation into the cyber attack caused by ransomware in 2017, causing a state of emergency in the Department of the Treasury.
PR S.B. 118
Status: Pending
Amends Law 20 of 2017, the Law of the Department of Security, in order to add functions and powers to the Office of Security Information Management, which are essential to really achieve the implementation of the system interoperability of communications and that it has a proper and accurate operation.
LexisNexis Terms and Conditions
We are the nation’s most respected bipartisan organization providing states support, ideas, connections and a strong voice on Capitol Hill.
7700 East First Place
Denver, CO 80230
Tel: 303-364-7700 | Fax: 303-364-7800
444 North Capitol Street, N.W., Suite 515
Washington, D.C. 20001
Tel: 202-624-5400 | Fax: 202-737-1069