Bill Text: NY A01729 | 2019-2020 | General Assembly | Introduced

Bill Title: Establishes a commission to study the European Union's general protection data regulation and the current state of cyber security in the state.

Spectrum: Moderate Partisan Bill (Democrat 26-4)

Status: (Introduced) 2019-01-16 - referred to governmental operations [A01729 Detail]

Download: New_York-2019-A01729-Introduced.html

                STATE OF NEW YORK
                               2019-2020 Regular Sessions
                   IN ASSEMBLY
                                    January 16, 2019
          COLTON, LAWRENCE, COOK, LIFTON, LUPARDO -- Multi-Sponsored by -- M. of
          A.    GIGLIO, SIMON, WRIGHT -- read once and referred to the Committee
          on Governmental Operations
        AN ACT establishing a commission to study the European  Union's  general
          protection  data regulation and the current state of cyber security in
          the state
          The People of the State of New York, represented in Senate and  Assem-
        bly, do enact as follows:
     1    Section  1.  a.  The  office  of  information  technology services, in
     2  consultation with, and using data  collected  by,  the  state  board  of
     3  elections,  shall  establish  a commission to study the European Union's
     4  general protection data regulation and the current state of cyber  secu-
     5  rity  in  the  state,  to develop legislation to protect people's online
     6  personal information.
     7    b. Such commission shall consist of eleven members to be appointed  by
     8  the  director  of  the  office  of information technology services. Such
     9  members shall have knowledge of and expertise in cyber  security,  tele-
    10  communications,  internet  service delivery, public protection, computer
    11  systems and/or computer networks.
    12    c. Such commission shall investigate, discuss and make recommendations
    13  concerning cyber security issues  using  the  European  Union's  general
    14  protection  data  regulation  as  a  model involving both the public and
    15  private sectors and the necessary steps New York state  should  take  to
    16  protect:
    17    i. critical cyber infrastructure;
    18    ii. financial systems;
    19    iii. telecommunications networks;
    20    iv. electrical grids;
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.

        A. 1729                             2
     1    v. security systems;
     2    vi. first responder systems and infrastructure;
     3    vii. physical infrastructure systems;
     4    viii. transportation systems; and
     5    ix.  any additional sectors of state government and the private sector
     6  as the commission deems necessary.
     7    d. The purpose of such commission shall be to promote the  development
     8  of  innovative,  actionable policies to ensure that New York state is in
     9  the forefront of personal cyber security defense.
    10    e. The members of such commission shall receive  no  compensation  for
    11  their services, but may receive actual and necessary expenses, and shall
    12  not be disqualified for holding any other public office or employment by
    13  means of their service as a member of the commission.
    14    f. Such commission shall be entitled to request and receive, and shall
    15  be  provided  with,  such  facilities, resources and data of any agency,
    16  department, division, board, bureau, commission, or public authority  of
    17  the  state,  as they may reasonably request, to properly carry out their
    18  powers, duties and purpose.
    19    § 2. No later than one year after the effective date of this act,  the
    20  office  of  information technology services shall submit to the governor
    21  and the legislature a report  regarding  the  European  Union's  general
    22  protection  data  regulation  and the current state of cyber security in
    23  the state.
    24    § 3. The office of information technology services shall evaluate such
    25  data with the assistance of experts in:
    26    a. European Union cyber security;
    27    b. voter fraud;
    28    c. New York state cyber security;
    29    d. cybercrime; and
    30    e. hacking.
    31    § 4. This act shall take effect immediately.