Bill Text: CA AB531 | 2017-2018 | Regular Session | Introduced

NOTE: There are more recent revisions of this legislation.
Bill Title: Office of Information Security: information security technologies.

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Vetoed) 2018-01-12 - Stricken from file.



CALIFORNIA LEGISLATURE — 2017–2018 REGULAR SESSION

Assembly Bill No. 531


Introduced by Assembly Member Irwin

February 13, 2017


An act to add Section 11549.2 to the Government Code, relating to information security.


LEGISLATIVE COUNSEL'S DIGEST


AB 531, as introduced, Irwin. Office of Information Security: information security technologies.
Existing law establishes the Office of Information Security within the Department of Technology, under the supervision of the Chief of the Office of Information Security, and requires the chief to establish an information security program. Existing law authorizes the office to conduct, or require to be conducted, an independent security assessment of any state agency, department, or office, the cost of which is to be funded by the state agency, department, or office being assessed.
This bill would require the office, by April 1, 2018, to review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content, as defined, inside or outside the firewall of state agencies. The bill would require the office, following the review, to develop a plan to require the implementation by state agencies, within the fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content of a state agency.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1. The Legislature finds and declares the following:
(a) Physical or content security is an important and necessary component of the state’s cybersecurity plan.
(b) The Legislature has a role in the protection of sensitive and personally identifiable information and is particularly interested in methods used to secure digital content, electronic forms, and electronic documents.
(c) The Legislature is aware that existing, commercial off-the-shelf technologies such as digital rights management (DRM) can be used to encrypt, analyze, and continuously monitor sensitive digital content, documents, and information inside and outside state content management systems. In addition, content-focused security solutions represent the only technology available to protect information after firewall security has been bypassed or compromised.
(d) Protecting information at the source, the document itself, is an absolute must for any sensitive information in today’s environment.
(e) This act is intended to ensure that state agencies implement document level security protections, including, but not limited to, DRM technology, to address cybersecurity threats.

SEC. 2. Section 11549.2 is added to the Government Code, to read:

11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, by April 1, 2018, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies. “Digital content” may include, but is not limited to: common desktop applications such as word processing, presentations, and spreadsheets; portable document format (PDF); computer-aided design (CAD); photographs; and videos.
(b) Following the review pursuant to subdivision (a), the office shall develop a plan to require the implementation by state agencies, within the fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.
(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).
