Bill Text


PDF |Add To My Favorites |Track Bill | print page

AB-2320 Personal information: contractors: cyber insurance.(2019-2020)

SHARE THIS:share this bill in Facebookshare this bill in Twitter
Date Published: 02/14/2020 09:00 PM
AB2320:v99#DOCUMENT


CALIFORNIA LEGISLATURE— 2019–2020 REGULAR SESSION

Assembly Bill
No. 2320


Introduced by Assembly Member Chau

February 14, 2020


An act to add Chapter 2.3 (commencing with Section 10600) to Part 2 of Division 2 of the Public Contract Code, relating to state contracts.


LEGISLATIVE COUNSEL'S DIGEST


AB 2320, as introduced, Chau. Personal information: contractors: cyber insurance.
Existing law, the Information Practices Act of 1977 (IPA), requires an agency, as defined, to maintain and disclose personal information in accordance with specified conditions and limitations to ensure the security and confidentiality of the personal information.
Existing law regulates contracts for goods and services entered into by state agencies. Specified violations of provisions in a state contract is a crime.
This bill would require a contract with a contractor doing business with a state agency to require that the contractor maintain cyber insurance if the contractor receives or has access to records containing personal information protected under the IPA.
By expanding the scope of existing crimes, this bill would impose a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: YES  

The people of the State of California do enact as follows:


SECTION 1.

 Chapter 2.3 (commencing with Section 10600) is added to Part 2 of Division 2 of the Public Contract Code, to read:
CHAPTER  2.3. Contractors: Cyber Insurance

10600.
 For purposes of this chapter, the following definitions apply:
(a) “Agency” has the same meaning as in subdivision (b) of Section 1798.3 of the Civil Code.
(b) “Contractor” means an individual, business, or other entity doing business with an agency.
(c) “Personal information” has the same meaning as in subdivision (a) of Section 1798.3 of the Civil Code.
(d) “Record” has the same meaning as in subdivision (g) of Section 1798.3 of the Civil Code.

10601.
 If the contract contemplates that, in the course of doing business with an agency, a contractor will receive or have access to records containing personal information protected under the Information Practices Act of 1977 (Title 1.8 (commencing with Section 1798) of Part 4 of Division 3 of the Civil Code), the contract shall require the contractor to carry cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information, in an amount determined by the contracting agency.

SEC. 2.

 No reimbursement is required by this act pursuant to Section 6 of Article XIII B of the California Constitution because the only costs that may be incurred by a local agency or school district will be incurred because this act creates a new crime or infraction, eliminates a crime or infraction, or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIII B of the California Constitution.