Last Updated on by SCARS Editorial Team

State of Local CybercrimeCybercrime Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. / Internet Crime Laws & Legislation in the United States

2018 Cybersecurity Legislation Catalog

Provided by SCARSSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit to learn more about SCARS.|ANALYTICS Division

The following is a catalog of cybercrime / cybersecurity laws activity by states and territories in 2018.

SCARS State Law Support Against Cybercrime / Cybersecurity Score:

SCARS U.S. Legislative Cybercrime Score: F - Fail

SCARS U.S. Legislative Cybercrime Score: F – Fail


With the U.S. House of Representatives in parallisys, it becomes the States to move the cybercrime legal agenda forward. However, it is very much a mixed bag.


  • AZ EO 3
    Creates the State Cybersecurity Team; relates to securing information online and protecting citizens; relates to the continuous advisement to the Governor on cybersecurity issues; advises on federal resources available to combat cybersecurity threats; establishes a team with specific members appointed by the Governor.


  • CA A 1678
    Status: Enacted, Chap. 2018-96
    Requires the Secretary of State to adopt regulations describing best practices for storage and security of voter registration information received by an applicant. Requires a person or entity who has received voter registration information pursuant to an application to disclose a breach in the security of the storage of the information to the Secretary of State. Makes it a misdemeanor to distribute misleading or false information to a voter.
  • CA A 1859
    Status: Enacted, Chap. 2018-532
    Requires a consumer credit reporting agency that owns, licenses, or maintains personal information about a state resident, or an entity that has a contract with a consumer credit reporting agency and maintains personal information on behalf of a reporting agency that poses a significant risk to a breach in the system, to take certain measures to protect that data. Provides for civil action to recover damages, civil penalties, and attorney’s fees.
  • CA A 1906
    Status: Enacted, Chap. 2018-860
    Requires a manufacturer that sells or offers to sell a connected device in California to equip the connected device with a reasonable security feature or features appropriate to the nature and function of the device that is designed to protect the device from unauthorized remote access or use. Provide that equipping a connected device with a means for authentication outside a local area network is deemed a reasonable security feature if it meets certain requirements.
  • CA A 2225
    Status: Enacted, Chap. 2018-535
    Requires the Secretary of State, in consultation with the Department of Technology, to approve and adopt appropriate uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media. Requires that cloud computing to be defined by the Department of Technology based on industry-recognized standards. Imposes certain requirements on a cloud computing storage service used by agencies.
  • CA A 2678
    Status: Failed-adjourned
    Requires a computerized data security breach notification provided to an affected person, if the breach exposed or may have exposed specified personal information, to include, among other things, notice that the affected person may elect to place a security freeze on his or her credit report. Provides that if the person or business was the source of the breach, an explanation of how a security freeze differs from the identity theftIdentity Theft Identity theft is when someone uses another person's personal identifying information, without their permission, to commit fraud or other crimes. In both the U.K. and the United States it is the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits, and perhaps to cause other person's loss. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources. prevention and mitigation services is require