2021 has seen a series of alarming cybersecurity incidences that have propelled the Biden administration to take swift action. The latter comes in the form of a robust Congressional cybersecurity agenda aimed at expanding the nation’s cybersecurity capabilities. In retrospect, 2021 saw cybersecurity take higher legislative priority, with a total of 60 bills passed during this period. Some of the most interesting of these cybersecurity laws passed in 2021 include:
Arkansas Cybersecurity Laws and Bills
The most interesting Arkansas Cybersecurity bill is the AR S.B. 149, which is an amendment of the Fair Mortgage Lending Act. The bill provides that a mortgage broker, banker, or servicer can establish, implement, update, and enforce written physical security and cybersecurity policies and procedures. This ensures the confidentiality, integrity, and availability of physical and electronic records and information. Overall, it establishes the cybersecurity policy and procedures governing the mortgage industry.
California Cybersecurity Bills
California’s Cybersecurity Bill, CA A.B. 128, provides a $2,000,000 budgetary allocation within the state’s 2021-22 fiscal year to establish and operate the Office of Elections Cybersecurity. This office is expected to minimize any overlaps and coordinate statewide cybersecurity efforts performed by the California Cybersecurity Integration Center. Additionally, the bill appropriates up to $925,000 to the integration center. As it pertains to information sharing by the California Cybersecurity Integration Center, the bill stipulates that said sharing should be done in a manner that protects the privacy and civil liberties of individuals. What’s more, this information sharing is expected to be done in a manner that safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks. Finally, the bill appropriates $10,000,000 to address deferred maintenance projects that represent critical infrastructure deficiencies.
Colorado Cybersecurity Bills
No other bill passed in 2021 captures the current state of the information technology environment better than Colorado’s CO H.B. 1236. This bill provides that the Colorado cybersecurity council may develop an all-encompassing cybersecurity approach for the state and local governments. This bill makes provisions for the coordination and setting of strategic statewide cybersecurity goals, roadmaps, and best practices. The enacted council also reviews the need to conduct risk assessments of local government systems. Then, provide additional cybersecurity services to local governments.
Florida Cybersecurity Laws and Bills
Florida has had three cybersecurity bills in 2021. The first is FL H.B. 1137 that is yet to be appended. This bill requires the Department of Management Services to establish project management and oversight standards for state agency compliance. DMS also performs project oversight, issue requests for quotes from approved vendors bidding to provide commodities or services. Finally, the department prequalifies the firms and individuals that provide services on state term contracts.
The second bill is the FL H.B. 1297 that directly relates to cybersecurity. The bill requires audit plans from the Inspector General to include certain information. It also creates the State Cybersecurity Advisory Council within the Department of Management Services that then governs said department.
The final bill is FL S.B. 7074 that relates to public records and social media platform activities. Additionally, the bill provides public records exemptions for information received by the Attorney General pursuant to an investigation by said authority. These exemptions also apply to any social media platform activities and information required by any law enforcement agency.
Hawaii Cybersecurity Bills
HI S.B 1100 is still awaiting the Governor’s signature. Still, this legislature is quite important as it pertains to cybersecurity. Specifically, it finds that the National Association of Insurance Commissioners adopted the Insurance Data Security Model Law. The latter strengthens the existing data security and consumer breach notification obligations of the licensees. Overall, this bill caters to insurance data security in case a cybersecurity event occurs.
Iowa Cybersecurity Bills
In Iowa, there have been two major cybersecurity bills. The first is IA H.B 719, which relates to standards for data security. Specifically, the bill handles the investigations and notifications of cybersecurity events. Additionally, it makes provisions for certain licenses under the jurisdiction of the Commissioner of insurance and provides the penalties applicable for individuals found to be in breach of the data security laws in place.
The second Iowa Cybersecurity bill is IA H.B 861 that relates to appropriations to the justice system. This bill delves into the gambling regulatory fees and creates a bureau of cyber crimes that is expected to handle cases of cybercrimes. It is within this same bill that funding for the department of corrections is discussed where a survivor benefits fund is created brings on board private investors too.
Illinois Cybersecurity Bills
Prior to the submission of the IL H.B 3523, the state’s definition of disaster did not include provisions of cyberthreats. With this bill, not yet appended by the Governor’s signature, the Emergency Management Agency Act expands the definition of disaster to include a cyberattack.
An additional bill is the IL S.B 825, which effectively amends the Election Code as it pertains to cybersecurity. Particularly, it requires that each election authority maintain a website to begin utilizing a .gov website address and a .gov electronic mail address for each employee for that extra level of security.
Indiana Cybersecurity Laws and Bills
Dubbed IN H.B 1169, this Indiana Cybersecurity bill relates to cybersecurity incidents. At its tenets, the bill requires the office of technology to maintain a repository of cybersecurity incidents. Additionally, it provides that a state agency and a political subdivision report any cybersecurity incident to the office without unreasonable delay and no later than two business days after discovery of the cybersecurity incident. This allows said agency provide the best possible support in the event of a cyberthreat.
Kansas Cybersecurity Bills
The 2021 Kansas Cybersecurity bill establishes criminal penalties for individuals found to have intentionally disclosed public records under the open records act. Additionally, the bill creates certain exceptions to the disclosure of the same public records. Finally, it also discloses exemptions in the open records act for cybersecurity assessments, plans, and vulnerabilities.
Louisiana Cybersecurity Bills
LA H.B 373 establishes an exception to public records requirements for certain information by the Secretary of State. On the other hand, LA H.B 128 handles the Cash Management Review Board with respect to financial security and cybersecurity plans and procedures adopted by state agencies, including the assessment and deployment of such plans and procedures.
Maryland Cybersecurity Laws and Bills
The Maryland Cybersecurity bills come at a rather appropriate juncture seeing as the Baltimore City government suffered a ransomware attack in 2019. This attack brought the entire city’s cyberinfrastructure to a halt. This affected a total of 7000 users dependent on city services. The bill, sponsored by Lee, prohibits the use of ransomware with the intention of disrupting or impairing any of the state’s infrastructure. It establishes penalties for individuals that might knowingly hack into any infrastructure. Finally, the bill authorizes the victim of certain offenses to bring a civil action for damages against a certain person.
Maine Cybersecurity Bills
Maine has successfully adopted a version of the National Association of Insurance Commissioners (NAIC) model cybersecurity law. This law saw the immediate establishment of investigation procedures, standards as it pertains to data security programs, and notification requirements for individuals authorized or registered to operate pursuant to the insurance laws within the state. In its entirety, this bill is aimed at protecting both the security and confidentiality of non-public information. Further, the risk assessment made necessary through the bill helps with identifying any threats.
Missouri Cybersecurity Bills
This bill, currently pending the Governor’s signature, makes provisions for the establishment of the Missouri Cybersecurity Commission, which will operate under the Department of Public Safety. This commission analyzes data from various state agencies, schools, and higher education institutions with the aim of identifying any risks and vulnerabilities to the state’s cyberinfrastructure. Additionally, the bill provided new rules for docks and boaters. For instance, it would be illegal for boats to anchor in a way that obstructs access to the dock. Finally, the bill modifies provisions relating to certain vessel registration and fees. Concisely, 2021 has seen the passing of a host of cybersecurity bills aimed at, among others, increasing cybersecurity funding, improving breach reporting, and investigating and regulating cryptocurrencies. These come at a time when there is a widespread outcry for better regulation of the IT space.
Remain Compliant With the New Cybersecurity Laws
At Agile IT, we stay current with all the different cybersecurity legislation passed in the different states. As our client, you are assured that our team will work with you to ensure that your cloud infrastructure meets compliance. If you are interested in having a partner that does all the heavy lifting as it pertains to compliance with state, federal, and industry-specific cybersecurity requirements, contact us today!