Bill Text


Bill PDF |Add To My Favorites | print page

AB-2326 School cybersecurity.(2019-2020)

SHARE THIS: share this bill in Facebook share this bill in Twitter
Date Published: 05/01/2020 09:00 PM
AB2326:v98#DOCUMENT

Amended  IN  Assembly  May 04, 2020

CALIFORNIA LEGISLATURE— 2019–2020 REGULAR SESSION

Assembly Bill
No. 2326


Introduced by Assembly Member Salas

February 14, 2020


An act to add Article 8.5 (commencing with Section 35265) to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, relating to school security.


LEGISLATIVE COUNSEL'S DIGEST


AB 2326, as amended, Salas. School cybersecurity.

Existing law authorizes the governing board of a school district to establish a security department under the supervision of a chief of security as designated by, and under the direction of, the superintendent of the school district.

Existing law prohibits a school district from permitting access to pupil records to a person without written parental consent or under judicial order except as authorized by specified state and federal law.
Existing law requires the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center with a primary mission to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in our state.

This bill would state the intent of the Legislature to enact future legislation relating to school cybersecurity.

This bill would require a local educational agency, as defined, to report any cyberattack, as defined, to the California Cybersecurity Integration Center and to designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center. The bill would require the cybersecurity coordinator to notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed. The bill would require the California Cybersecurity Integration Center to establish a database that tracks reports of cyberattacks submitted by local educational agencies and require the California Cybersecurity Integration Center to annually report to the Legislature on the state of cybersecurity in the state’s local educational agencies, with recommendations for any improvements.
By imposing new duties on local educational agencies, the bill would constitute a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NOYES   Local Program: NOYES  

The people of the State of California do enact as follows:


SECTION 1.

 Article 8.5 (commencing with Section 35265) is added to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, to read:
Article  8.5. Cybersecurity

35265.
 For purposes of this article, the following definitions apply:
(a) “Cyberattack” means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.
(b) “Local educational agency” means the governing body of a school district, county board of education, or state special school.

35266.
 (a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.
(b) (1) A local educational agency shall designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center.
(2) The cybersecurity coordinator of a local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.
(c) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. By July 1, 2021, and by each July 1 thereafter, the California Cybersecurity Integration Center shall report to the Legislature on the state of cybersecurity in the state’s local educational agencies, with recommendations for any improvements.
(2) A report to be submitted pursuant to paragraph (1) shall be submitted in compliance with Section 9795 of the Government Code.

SEC. 2.

 If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code.
SECTION 1.

It is the intent of the Legislature to enact future legislation relating to school cybersecurity.