Bill Text

Bill Information


Bill PDF |Add To My Favorites | print page

AB-1667 Department of Technology: California Cybersecurity Awareness and Education Council.(2023-2024)

SHARE THIS: share this bill in Facebook share this bill in Twitter
Date Published: 03/16/2023 09:00 PM
AB1667:v98#DOCUMENT

Amended  IN  Assembly  March 16, 2023

CALIFORNIA LEGISLATURE— 2023–2024 REGULAR SESSION

Assembly Bill
No. 1667


Introduced by Assembly Member Irwin

February 17, 2023


An act to add and repeal Chapter 5.9 (commencing with Section 11549.65) of Part 1 of Division 3 of Title 2 of the Government Code, relating to information security.


LEGISLATIVE COUNSEL'S DIGEST


AB 1667, as amended, Irwin. State agencies: information security. Department of Technology: California Cybersecurity Awareness and Education Council.
Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services, which is responsible for the state’s emergency and disaster response services, as specified. Existing law requires the office to establish the California Cybersecurity Integration Center with the primary mission of reducing the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in the state.
Existing law establishes the Department of Technology within the Government Operations Agency, supervised by the Director of Technology, whose duties include advising the Governor on the strategic management and direction of the state’s information technology resources. Existing law establishes the Office of Information Security within the Department of Technology, with the purpose of ensuring the confidentiality, integrity, and availability of state systems and applications, and promoting and protecting privacy as part of the development and operations of state systems and applications to ensure the trust of the residents of the state.
This bill would establish the California Cybersecurity Awareness and Education Council within the Department of Technology. The bill would require the council to be composed of 15 members, to be appointed by February 1, 2024, as specified. The bill would require the council to research ways to increase cybersecurity awareness and education of students, families, and other adults, with the goal of helping people learn and use healthy cybersecurity practices, and ways to create a larger and more diverse cybersecurity-trained workforce, and would require the council to propose a strategy to engage Californians in the effort to improve cybersecurity practices and strengthen cyber infrastructure, as specified.
This bill would require the council to submit a report by July 1, 2024, that includes, among other things, approaches the state can take to raise awareness of and increase education regarding cybersecurity, including in K–12 schools, institutions of higher education, and workplaces, and ways to effectively utilize social media, marketing campaigns, and the news media to increase awareness of and distribute materials about cybersecurity, as specified.
This bill would make these provisions inoperative on February 1, 2025, and would repeal them as of January 1, 2026.

Existing law, the Information Practices Act of 1977, requires an agency, as defined, that owns or licenses computerized data that includes personal information, as defined, to disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person or whose encrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person and the encryption key or security credential was, or is reasonably believed to have been, acquired by an unauthorized person, as specified.

This bill would express the intent of the Legislature to enact legislation that would relate to the security of information maintained by state agencies.

Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NOYES   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Chapter 5.9 (commencing with Section 11549.65) is added to Part 1 of Division 3 of Title 2 of the Government Code, to read:
CHAPTER  5.9. California Cybersecurity Awareness and Education Council

11549.65.
 (a) There is in the state government, within the Department of Technology, the California Cybersecurity Awareness and Education Council.
(b) For purposes of this chapter, “council” means the California Cybersecurity Awareness and Education Council.

11549.66.
 (a) The council shall be composed of 15 members.
(b) By February 1, 2024, the President pro Tempore of the Senate, the Speaker of the Assembly, and the Governor shall each appoint five members to the council, and each are encouraged to select members that represent a wide range of stakeholders, including, but not limited to:
(1) Teachers or other K–12 public school representatives.
(2) High school students or other youth leaders.
(3) Business owners.
(4) Academic cybersecurity experts.
(5) Public safety leaders.
(6) Nonprofit organization representatives.

11549.67.
 (a) The council shall research both of the following:
(1) Ways to increase cybersecurity awareness and education of students, families, and other adults, with the goal of helping people learn and use healthy cybersecurity practices.
(2) Ways to create a larger and more diverse cybersecurity-trained workforce.
(b) The council shall propose a strategy to engage Californians in the effort to improve cybersecurity practices and strengthen cyber infrastructure. This strategy shall focus on, but shall not be limited to, both of the following:
(1) Basic cybersecurity education for individuals, families, schools, and workplaces.
(2) A public awareness campaign and education materials aimed at ensuring that more Californians become aware of the importance of cybersecurity.

11549.68.
 By July 1, 2024, the council shall deliver a report to the President pro Tempore of the Senate, the Speaker of the Assembly, the Governor, the Director of Technology, the Superintendent of Public Instruction, and the Director of Emergency Services that shall include, but not be limited to, all of the following:
(a) Approaches the state can take to raise awareness and increase education of cybersecurity, including in K–12 schools, institutions of higher education, and workplaces.
(b) Ways to effectively utilize social media, marketing campaigns, and the news media to increase awareness of and distribute materials about cybersecurity.
(c) Ways to balance amplifying existing resources and work that is already being done to promote cybersecurity awareness with creating new resources and partnerships.
(d) Ways to reach out to underrepresented populations, including, but not limited to, low-income communities and individuals who speak languages other than English.
(e) Ways in which Californians can communicate with appropriate government officials about cybersecurity concerns.
(f) Other recommendations that the council deems appropriate.

11549.69.
 This chapter shall become inoperative on February 1, 2025, and, as of January 1, 2026, is repealed.

SECTION 1.

It is the intent of the Legislature to enact legislation that would relate to the security of information maintained by state agencies.