Listen To This Article - A Short Ad Pays For This Service

State of Local Cybercrime / Internet Crime Laws & Legislation in the United States

2018 Cybersecurity Legislation Catalog

Provided by SCARS|ANALYTICS Division

The following is a catalog of cybercrime / cybersecurity laws activity by states and territories in 2018.

SCARS State Law Support Against Cybercrime / Cybersecurity Score:

SCARS U.S. Legislative Cybercrime Score: F - Fail

SCARS U.S. Legislative Cybercrime Score: F – Fail

U.S. STATES

With the U.S. House of Representatives in parallisys, it becomes the States to move the cybercrime legal agenda forward. However, it is very much a mixed bag.

Arizona

  • AZ EO 3
    Creates the State Cybersecurity Team; relates to securing information online and protecting citizens; relates to the continuous advisement to the Governor on cybersecurity issues; advises on federal resources available to combat cybersecurity threats; establishes a team with specific members appointed by the Governor.

California

  • CA A 1678
    Status: Enacted, Chap. 2018-96
    Requires the Secretary of State to adopt regulations describing best practices for storage and security of voter registration information received by an applicant. Requires a person or entity who has received voter registration information pursuant to an application to disclose a breach in the security of the storage of the information to the Secretary of State. Makes it a misdemeanor to distribute misleading or false information to a voter.
  • CA A 1859
    Status: Enacted, Chap. 2018-532
    Requires a consumer credit reporting agency that owns, licenses, or maintains personal information about a state resident, or an entity that has a contract with a consumer credit reporting agency and maintains personal information on behalf of a reporting agency that poses a significant risk to a breach in the system, to take certain measures to protect that data. Provides for civil action to recover damages, civil penalties, and attorney’s fees.
  • CA A 1906
    Status: Enacted, Chap. 2018-860
    Requires a manufacturer that sells or offers to sell a connected device in California to equip the connected device with a reasonable security feature or features appropriate to the nature and function of the device that is designed to protect the device from unauthorized remote access or use. Provide that equipping a connected device with a means for authentication outside a local area network is deemed a reasonable security feature if it meets certain requirements.
  • CA A 2225
    Status: Enacted, Chap. 2018-535
    Requires the Secretary of State, in consultation with the Department of Technology, to approve and adopt appropriate uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media. Requires that cloud computing to be defined by the Department of Technology based on industry-recognized standards. Imposes certain requirements on a cloud computing storage service used by agencies.
  • CA A 2678
    Status: Failed-adjourned
    Requires a computerized data security breach notification provided to an affected person, if the breach exposed or may have exposed specified personal information, to include, among other things, notice that the affected person may elect to place a security freeze on his or her credit report. Provides that if the person or business was the source of the breach, an explanation of how a security freeze differs from the identity theft prevention and mitigation services is required.
  • CA A 2748
    Status: Failed–adjourned.
    Requires the Office of Information Security in the Department of Technology, the Office of Emergency Services, and the State Military Department to establish a pilot program to conduct, or require to be conducted, an independent security assessment of election infrastructure in counties that voluntarily choose to participate in the pilot program. Requires the transmission of the complete results of security assessments to the elections official of the relevant county.
  • CA A 2812
    Status: Failed–adjourned.
    Creates the Office of Local Cloud Migration and Digital Innovation in the Department of Technology. Requires the Office to promote the use of technologies including cloud based computing and data storage that will assist local agencies in their efforts to further transparency, efficiency, disaster preparedness and response, and general accessibility to the public. Requires the Office to partner with private industry and the nonprofit community to maximize the assistance provided to local agencies.
  • CA A 2813
    Status: Enacted. Chap. 2018-768
    Establishes in statute the California Cybersecurity Integration Center within the Office of Emergency Services to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in the state.
  • CA A 3075
    Status: Enacted. Chap. 2018-241
    Creates within the Secretary of State the Office of Elections Cybersecurity to coordinate efforts between the Secretary of State and local elections officials to reduce the likelihood and severity of cyber incidents that could interfere with the security or integrity of elections in the state.
  • CA A 3193
    Status: Status: Failed–adjourned.
    Revises an implementation requirement to provide that all state agencies must implement and comply with the policies and procedures issued by the State Chief Information Officer.
  • CA S 327
    Status: Enacted. Chap. 2018-886
    Requires a manufacturer of a connected device to equip such device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.
  • CA S 532
    Status: Enacted. Chap. 2018-557
    Relates to the California Emergency Services Act. Provides for adding cyberterrorism within those conditions constituting a state of emergency and a local emergency.

Colorado

  • CO E.O. 2
    Declares a disaster emergency due to the Department of Transportation cybersecurity incident in the state, authorizes deployment of the National Guard and use of the Emergency Management Assistance Compact.
  • CO E.O. 29
    Activates the National Guard for the purpose of ensuring election security.
  • CO H 1200
    Status: Enacted. Chap. 379
    Concerns cybercrime, criminalizes using a computer to engage in prostitution of a minor, criminalizing skimming payment cards, and making changes to the penalty structure for cybercrime, changes the name of the crime computer crime to cybercrime, makes soliciting, arranging, or offering to arrange a situation in which a minor may engage in prostitution, by means of using a computer, computer network, computer system, or any part thereof, a cybercrime.
  • CO S 86
    Status: Enacted. Chap. 319
    Concerns the use of cyber coding cryptology for the transmission and storage of state records, requires the Chief Information Security Officer, the Director of OIT, the Department of State, and the Department of Regulatory Agencies to take certain actions to protect state records containing trusted sensitive and confidential information from criminal, unauthorized, or inadvertent manipulation or theft, makes an appropriation.

Connecticut

  • CT S 441
    Status: Failed–adjourned.
    Concerns an inventory of the state’s cybersecurity job training pipeline, requires the Department of Economic and Community Development, in collaboration with state Innovations, Incorporated, the Department of Education, the Board of Regents for Higher Education and The University of Connecticut, to conduct an inventory of the educational resources available in the state to prepare students for careers in the cybersecurity field.

Florida

  • H.B. 755
    Status: Enacted, Chap. 60
    Relates to public records; provides an exemption from public records requirements for information obtained by persons or agencies from the First Responder Network Authority and information relating to the Nationwide Public Safety Broadband Network.
  • FL H 1127
    Status: Enacted, Chap. 65
    Relates to public records; provides an exemption from public records requirements for certain records held by the Citizens Property Insurance Corporation which identify detection, investigation, or response practices for suspected or confirmed information technology security incidents; provides retroactive application.
  • FL H 2125
    Status: Failed – Adjourned
    Relates to the Appropriations Project titled University of West Florida – Cybersecurity Support, provides an appropriation.
  • FL H 3355
    Status: Failed – Adjourned
    Relates to the Appropriations Project titled Computer Mentors Group Youth Cyber Security and effective date.
  • FL H 4045
    Status: Failed – Adjourned
    Relates to the appropriations project titled Miami Dade College, Cybersecurity Training Center, provides an appropriation.
  • FL H 5001
    Status: Enacted. Chap. 9
    Makes appropriations, provides moneys for the annual period beginning July 1, 2018, and ending June 30, 2019, and supplemental appropriations for the period ending June 30, 2018, to pay salaries, and other expenses, capital outlay for buildings, and other improvements, and for other specified purposes of the various agencies of state government.
  • FL S 1880
    Status: Failed
    Relates to public records, provides an exemption from public records requirements for certain records held by the Citizens Property Insurance Corporation which identify detection, investigation, or response practices for suspected or confirmed information technology security incidents.
  • FL S 608
    Status: Failed
    Relates to public records, establishes the Identity Theft and Fraud Protection Act, requires an agency to review information susceptible to use for purposes of identity theft or fraud before making postings to a publicly available website, prohibits an agency from posting an image or a copy of a public record containing information susceptible to use for purposes of identity theft or fraud to a publicly available website.

Georgia

  • GA S 315
    Status: Vetoed
    Relates to computer crimes, states that any person who intentionally accesses a computer or computer network with knowledge that such access is without authority shall be guilty of the crime of unauthorized computer access.
  • GA SR 318
    Status: Failed – Adjourned
    Creates the Senate Cyber Challenge Study Committee.
  • GA SR 454
    Status: Failed – Adjourned
    Creates the Senate Cyber Challenge Study Committee.
  • GA SR 929
    Status: Failed – Adjourned
    Creates the Joint Study Committee on Cyber Security Legislation.

Hawaii

  • HI H 598
    Status: Failed–adjourned.
    Authorizes the University of Hawaii to participate in and contribute funding for activities related to the development of a Hawaii cyber ecosystem and other related aspects of cyber security.
  • HI S 955
    Status: Failed–adjourned.
    Relates to homeland security, adds the fusion center as a program under the existing Office of Homeland Security, establishes the position of director of the fusion center who shall be responsible to the director of homeland security and accountable to manage the day-to-day operations of the fusion center.
  • HI H 1089
    Status: Failed–adjourned.
    Provides that the state of Hawaii, as a strategic location in the pacific, have all information necessary to guard against those who would do harm to the country and to the state, provides that the Hawaii State Fusion Center be fully staffed and supported, adds the fusion center as a program under the existing Office of Homeland Security, establishes the position of director of the fusion center who shall be responsible to the Director of Homeland Security and accountable to manage the day-to-day.
  • HI H 2078
    Status: Failed–adjourned.
    Authorizes and provides funding for the Technology Development Corporation to participate in and contribute funding for the development of a statewide cyber ecosystem and related aspects of cybersecurity.
  • HI H 2091
    Status: Failed–adjourned.
    Establishes the Hawaii State Fusion Center (Center) as a program under the Office of Homeland Security and establishes the position of Hawaii State Fusion Center Director who shall be state-funded, responsible to the Director of Homeland Security, and accountable to manage the operations of the Center.
  • HI SCR 46
    Status: Failed–adjourned.
    Requests the Office of Elections to conduct a security audit of Hawaii’s voting system.

Iowa

  • IA H 366
    Status: Failed–adjourned.
    Provides for state employee cyber security briefings for certain travel outside the country.
  • IA H 558
    Status: Failed–adjourned.
    Concerns the Office of the Chief Information Officer relating to designation of certain information technology staff, background checks, and the technology advisory council.
  • IA H 2252
    Status: Enacted. Chap. 1149
    Changes the requirements for membership on the board of examiners for voting systems, allowing one member to have been trained in cybersecurity rather than requiring training in computer programming and operations.
  • IA HSB 76
    Status: Failed–adjourned.
    Relates to public utilities and other infrastructure, includes the confidentiality of certain information relating to such infrastructure, the authority of utilities to make temporary rate changes, and presiding officers at public information meetings held for electric transmission line franchise petitions.
  • IA HSB 119
    Status: Failed–adjourned.
    Concerns the Office of the Chief Information Officer relating to designation of certain information technology staff, background checks, and the technology advisory council.
  • IA HSB 185
    Status: Failed–adjourned.
    Provides for the confidentiality of certain cyber security and critical infrastructure information developed and maintai