Updated on by
State of Local Cybercrime / Internet Crime Laws & Legislation in the United States
2018 Cybersecurity Legislation Catalog
Provided by SCARS|ANALYTICS Division
The following is a catalog of cybercrime / cybersecurity laws activity by states and territories in 2018.
SCARS State Law Support Against Cybercrime / Cybersecurity Score:
With the U.S. House of Representatives in parallisys, it becomes the States to move the cybercrime legal agenda forward. However, it is very much a mixed bag.
- AZ EO 3
Creates the State Cybersecurity Team; relates to securing information online and protecting citizens; relates to the continuous advisement to the Governor on cybersecurity issues; advises on federal resources available to combat cybersecurity threats; establishes a team with specific members appointed by the Governor.
- CA A 1678
Status: Enacted, Chap. 2018-96
Requires the Secretary of State to adopt regulations describing best practices for storage and security of voter registration information received by an applicant. Requires a person or entity who has received voter registration information pursuant to an application to disclose a breach in the security of the storage of the information to the Secretary of State. Makes it a misdemeanor to distribute misleading or false information to a voter.
- CA A 1859
Status: Enacted, Chap. 2018-532
Requires a consumer credit reporting agency that owns, licenses, or maintains personal information about a state resident, or an entity that has a contract with a consumer credit reporting agency and maintains personal information on behalf of a reporting agency that poses a significant risk to a breach in the system, to take certain measures to protect that data. Provides for civil action to recover damages, civil penalties, and attorney’s fees.
- CA A 1906
Status: Enacted, Chap. 2018-860
Requires a manufacturer that sells or offers to sell a connected device in California to equip the connected device with a reasonable security feature or features appropriate to the nature and function of the device that is designed to protect the device from unauthorized remote access or use. Provide that equipping a connected device with a means for authentication outside a local area network is deemed a reasonable security feature if it meets certain requirements.
- CA A 2225
Status: Enacted, Chap. 2018-535
Requires the Secretary of State, in consultation with the Department of Technology, to approve and adopt appropriate uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media. Requires that cloud computing to be defined by the Department of Technology based on industry-recognized standards. Imposes certain requirements on a cloud computing storage service used by agencies.
- CA A 2678
Requires a computerized data security breach notification provided to an affected person, if the breach exposed or may have exposed specified personal information, to include, among other things, notice that the affected person may elect to place a security freeze on his or her credit report. Provides that if the person or business was the source of the breach, an explanation of how a security freeze differs from the identity theft prevention and mitigation services is required.
- CA A 2748
Requires the Office of Information Security in the Department of Technology, the Office of Emergency Services, and the State Military Department to establish a pilot program to conduct, or require to be conducted, an independent security assessment of election infrastructure in counties that voluntarily choose to participate in the pilot program. Requires the transmission of the complete results of security assessments to the elections official of the relevant county.
- CA A 2812
Creates the Office of Local Cloud Migration and Digital Innovation in the Department of Technology. Requires the Office to promote the use of technologies including cloud based computing and data storage that will assist local agencies in their efforts to further transparency, efficiency, disaster preparedness and response, and general accessibility to the public. Requires the Office to partner with private industry and the nonprofit community to maximize the assistance provided to local agencies.
- CA A 2813
Status: Enacted. Chap. 2018-768
Establishes in statute the California Cybersecurity Integration Center within the Office of Emergency Services to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in the state.
- CA A 3075
Status: Enacted. Chap. 2018-241
Creates within the Secretary of State the Office of Elections Cybersecurity to coordinate efforts between the Secretary of State and local elections officials to reduce the likelihood and severity of cyber incidents that could interfere with the security or integrity of elections in the state.
- CA A 3193
Status: Status: Failed–adjourned.
Revises an implementation requirement to provide that all state agencies must implement and comply with the policies and procedures issued by the State Chief Information Officer.