STAND. COM. REP. NO. 739

Honolulu, Hawaii

RE:    S.B. No. 1162

       S.D. 2

Honorable Shan S. Tsutsui

President of the Senate

Twenty-Sixth State Legislature

Regular Session of 2011

State of Hawaii

Sir:

     Your Committee on Ways and Means, to which was referred S.B. No. 1162, S.D. 1, entitled:

"A BILL FOR AN ACT RELATING TO SECURITY BREACHES OF PERSONAL INFORMATION,"

begs leave to report as follows:

     The purpose and intent of this measure is to improve the safeguards afforded to persons whose personal information is compromised by a security breach of a government agency.

     More specifically this measure:

     (1)  Requires government agencies that maintain personal information systems to develop mandatory training programs for personnel who have access to disclosures of personal information;

     (2)  Requires reports of security breaches to be submitted to the Information Privacy and Security Council;

     (3)  Requires the Information Privacy and Security Council to coordinate the implementation of guidelines by government agencies, and makes the Comptroller or State Chief Information Officer the chair of the council; and

     (4)  Appropriates moneys for the council, a specialist and coordinator positions in statewide network security, and security tools, maintenance, and licenses, including software and enhanced web applications.

     Your Committee received comments in support of this measure from Christopher Stathis, Support Services Department Head, The Judiciary, State of Hawaii.

     Your Committee received comments on this measure from Bruce A. Coppa, Comptroller, Department of Accounting and General Services; and Mihoko Ito, Consumer Data Industry Association.

     Your Committee finds that recent high profile security breaches of government agencies have revealed a need to strengthen the safeguards related to maintenance of personal records.  This measure will address many of the deficiencies in the current system.

     Your Committee has amended this measure by:

     (1)  Changing the effective date to July 1, 2050, to facilitate further discussion on the issue; and

     (2)  Making technical, nonsubstantive amendments for the purposes of clarity and consistency.

     As affirmed by the record of votes of the members of your Committee on Ways and Means that is attached to this report, your Committee is in accord with the intent and purpose of S.B. No. 1162, S.D. 1, as amended herein, and recommends that it pass Third Reading in the form attached hereto as S.B. No. 1162, S.D. 2.

Respectfully submitted on behalf of the members of the Committee on Ways and Means,