Several measures have come before lawmakers in the past, including setting baseline security controls for state agencies and providing identify theft protection. Other bills seek to bring technology to California’s roads, facilitate high-speed Internet and ban local taxation of video streaming services.
Here's Part 2 of our look at some of the key bills before the Legislature: (We published Part 1 yesterday.)
Security
- Legislation scheduled for a hearing next week would require a review of information security technologies at state agencies in a bid to protect digital data stored by the state. AB 531 directs the Department of Technology’s Office of Information Security to conduct that review by April 2018. Bill author Assemblywoman Jacqui Irwin, D-Thousand Oaks, says the review is needed because the state holds a tremendous amount of sensitive data that must be protected. Her bill would require the Office of Information Security to determine if there are sufficient policies, standards and procedures in place to protect critical government information and prevent the unauthorized disclosure of sensitive digital content. The bill is scheduled for an April 18 hearing before the Assembly Privacy and Consumer Protection Committee.
- A second Assembly committee intends to weigh in on whether lawmakers should codify into law Gov. Jerry Brown’s cybersecurity center. AB-1306 by Jay Obernolte, R-Big Bear, would set in statue the existence of the California Cybersecurity Integration Center (Cal-CSIC) at the Office of Emergency Services, which Brown created in a 2015 executive order. Obernolte’s bill would also authorize the Director of Emergency Services to administer, authorize and allocate federal homeland security grant funding. The Assembly Privacy and Consumer Protection Committee approved the bill on a 9-1 vote last month. It is scheduled for an April 19 hearing before the Assembly Governmental Organization Committee. A similar bill stalled last year in the Assembly Appropriations Committee.
- Assemblyman Brian Dahle, R-Bieber, has hit the pause button on legislation that would require the director of the Department of Technology to develop, tailor and review baseline security controls for the state. AB 650 would prohibit state agencies from using baseline security controls that fall below industry standards published by the National Institute of Standards and Technology for federal information systems and organizations. Lawmakers last year rejected similar legislation after the Department of Technology pointed out that it already follows the NIST standards, as do all state entities. However, the standards are not codified in state law. Dahle canceled a recent hearing for his bill, and a Dahle spokesman said the assemblyman has turned his bill into a two-year bill — meaning it may not come before a panel until next year.
- Lawmakers on the Assembly Privacy and Consumer Protection Committee think the state ought to provide identity theft protection if personal data held by the government is compromised. But the price tag could be hundreds of millions of dollars — a fact the Assembly Appropriations Committee will consider when AB 241 comes before the panel. In fact, a recent staff analysis, notes a breach of just a quarter of the driver license records at the Department of Motor Vehicles, for example, would cost the state more than $1 billion to provide identity theft prevention and mitigation services. The bill by Assemblyman Matt Dababneh, D-Encino, is similar to one the lawmakers failed to get past the appropriations panel in 2015.
- Legislation moving through the Assembly would make prescription opioid data more available to physicians and pharmacists. AB 40 by Assemblyman Miguel Santiago, D-Los Angeles, would require the state Department of Justice to create an electronic history of controlled substances that have been dispensed to an individual based on data contained in its prescription drug database known as the Controlled Substance Utilization Review and Evaluation System, or CURES. It would also allow an outside health information technology system to integrate and submit queries to the database. The Assembly Business and Professions Committee approved the bill on a unanimous vote earlier this month. It is scheduled for an April 25 hearing in Assembly Public Safety Committee.
- The state Department of Justice would be charged with administering and overseeing any shared gang database used by California law enforcement agencies under a bill scheduled before the Assembly Public Safety Committee. AB 90 would require the department to issue regulations governing the use, operation, and oversight of any shared gang database, including establishing requirements for entering and reviewing gang designations, the retention period for listed gangs, the criteria for identifying gang members, and the definitions of offenses consistent with gang activity. The bill would also require the department to develop and implement standardized periodic training for users who enter and access data in the shared gang database. The bill by Shirley N. Weber, D-San Diego, is scheduled for an April 18 hearing.
- Determined to remain an environmental leader on climate change, state lawmakers say California must continue its first-in-the-nation database on sea level rise. Two Assembly committees have approved AB 184 and it now awaits a vote before the full Assembly. State law requires the Natural Resources Agency to update and post a Planning for Sea Level Rise Database, which describes steps being taken throughout the state to prepare for, and adapt to, sea level rise. The database sunsets January 1, 2018. The bill by Marc Berman, D-Palo Alto, would make the database permanent. The Assembly Natural Resources approved the bill by a 9-1 vote in March. The Assembly Appropriations followed with a 13-4 vote earlier this month.
- When a county makes an electronic format of an official record, it is required by state law to use a truncated Social Security number to protect an individual’s personal sensitive information. However, that requirement does not apply to records before 1980. SB 184 by Sen. Mike Morrell, R-Rancho Cucamonga, would authorize county recorders to create electronic copes and truncate Social Security numbers for those early records. The bill contains an urgency clause and would take effect immediately should Gov. Jerry Brown sign it. The Senate approved the measure by a 39-0 vote and it now awaits Assembly action.
