Bill Text: CA AB2355 | 2021-2022 | Regular Session | Introduced
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: School cybersecurity.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Passed) 2022-09-23 - Chaptered by Secretary of State - Chapter 498, Statutes of 2022. [AB2355 Detail]
Download: California-2021-AB2355-Introduced.html
Bill Title: School cybersecurity.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Passed) 2022-09-23 - Chaptered by Secretary of State - Chapter 498, Statutes of 2022. [AB2355 Detail]
Download: California-2021-AB2355-Introduced.html
CALIFORNIA LEGISLATURE—
2021–2022 REGULAR SESSION
Assembly Bill
No. 2355
| Introduced by Assembly Member Salas |
February 16, 2022 |
An act to add Article 8.5 (commencing with Section 35265) to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, relating to school security.
LEGISLATIVE COUNSEL'S DIGEST
AB 2355, as introduced, Salas.
School cybersecurity.
Existing law prohibits a school district from permitting access to pupil records to a person without written parental consent or under judicial order except as authorized by specified state and federal law.
Existing law requires the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center with a primary mission to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in our state.
This bill would require a local educational agency, as defined, to report any cyberattack, as defined, to the California Cybersecurity Integration Center. The bill would require the local educational agency to notify the parent or legal guardian of a pupil that a
cyberattack has occurred if records pertaining to the pupil may have been accessed. The bill would require the California Cybersecurity Integration Center to establish a database that tracks reports of cyberattacks submitted by local educational agencies.
By imposing new duties on local educational agencies, the bill would constitute a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.
Digest Key
Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: YESBill Text
The people of the State of California do enact as follows:
SECTION 1.
Article 8.5 (commencing with Section 35265) is added to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, to read:Article 8.5. Cybersecurity
35265.
For purposes of this article, the following definitions apply:(a) “Cyberattack” means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.
(b) “Local educational agency” means the governing body of a school district, county board of education, or state special school.
35266.
(a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.(b) A local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.
(c) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section.
