IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Proposal Seeks Protections for California’s Sensitive Digital Content

The chair of the Assembly Select Committee on Cybersecurity introduced legislation this week that would require the Office of Information Security to determine if there are sufficient policies, standards and procedures in place to protect critical government information and prevent unauthorized disclosures.

As cyberthreats continue to evolve in sophistication, one state lawmaker wants to ensure that California agencies are reviewing their security plans to protect sensitive digital content.

Assemblymember Jacqui Irwin, D-Thousand Oaks, this week introduced legislation that would require the Department of Technology’s Office of Information Security to review information security technologies at state agencies by April 2018.

“The state holds a tremendous amount of information from DMV to health records to residence status,” Irwin told Techwire in an interview. That information all needs to be protected for our health and well-being.”

Although the State Administrative Manual sets standards for data classification security, Irwin said she is concerned that not all agencies meet the requirements.

The Democrat is chair of the Assembly Select Committee on Cybersecurity, and she has spent the last two years examining California’s readiness to prevent hackers attacking critical infrastructure and accessing sensitive government information.

Her bill, AB 531, would require the Office of Information Security to determine if there are sufficient policies, standards and procedures in place to protect critical government information and prevent the unauthorized disclosure of sensitive digital content.

The office would then be required to develop a plan so that state agencies can implement any needed technology within a year. The bill specifically emphasizes that state agencies implement document-level security protections such as Digital Rights Management, an off-the-shelf technology that can be used to encrypt, analyze and continuously monitor sensitive digital content, according to the bill.

“It has become much more profitable to go after someone online than it is to break into their home,” Irwin said. “They can get bank records, Social Security records.”

Related legislation introduced this week by Assemblymember Brian Dahle, R-Bieber, would require the Department of Technology director to develop, tailor and review baseline security controls for the state.

AB 650 would prohibit state agencies from using baseline security controls that fall below industry standards published by the National Institute of Standards and Technology for federal information systems and organizations.

Lawmakers last year rejected similar legislation after the Department of Technology pointed out that it already follows the NIST standards, as do all state entities. However, the standards are not codified in state law. A spokesman for Dahle did not return an email Thursday seeking comment.