AB2326:v98#DOCUMENTBill Start
Amended
IN
Assembly
May 04, 2020
|
|
CALIFORNIA LEGISLATURE—
2019–2020 REGULAR SESSION
Assembly Bill
No. 2326
Introduced by Assembly Member Salas
|
February 14, 2020 |
An act to add Article 8.5 (commencing with Section 35265) to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, relating to school security.
LEGISLATIVE COUNSEL'S DIGEST
AB 2326, as amended, Salas.
School cybersecurity.
Existing law authorizes the governing board of a school district to establish a security department under the supervision of a chief of security as designated by, and under the direction of, the superintendent of the school district.
Existing law prohibits a school district from permitting access to pupil records to a person without written parental consent or under judicial order except as authorized by specified state and federal law.
Existing law requires the Office of Emergency Services to establish and lead the California Cybersecurity
Integration Center with a primary mission to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in our state.
This bill would state the intent of the Legislature to enact future legislation relating to school cybersecurity.
This bill would require a local educational agency, as defined, to report any cyberattack, as defined, to the California Cybersecurity Integration Center and to designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center. The bill would require the cybersecurity
coordinator to notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed. The bill would require the California Cybersecurity Integration Center to establish a database that tracks reports of cyberattacks submitted by local educational agencies and require the California Cybersecurity Integration Center to annually report to the Legislature on the state of cybersecurity in the state’s local educational agencies, with recommendations for any improvements.
By imposing new duties on local educational agencies, the bill would constitute a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would
provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.
Digest Key
Vote:
MAJORITY
Appropriation:
NO
Fiscal Committee:
NOYES
Local Program:
NOYES
Bill Text
The people of the State of California do enact as follows:
SECTION 1.
Article 8.5 (commencing with Section 35265) is added to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, to read:
Article
8.5. Cybersecurity
35265.
For purposes of this article, the following definitions apply:(a) “Cyberattack” means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.
(b) “Local educational agency” means the governing body of a school district, county board of education, or state special school.
35266.
(a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.(b) (1) A local educational agency shall designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center.
(2) The cybersecurity coordinator of a local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.
(c) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. By July 1, 2021, and by each July 1 thereafter, the California Cybersecurity Integration Center shall report to the Legislature on the state of cybersecurity in the state’s local educational agencies, with recommendations for any improvements.
(2) A report to be submitted pursuant to paragraph (1) shall be submitted in compliance with Section 9795 of the Government Code.
SEC. 2.
If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code.SECTION 1.It is the intent of the Legislature to enact future legislation relating to school cybersecurity.