STATE OF NEW YORK ________________________________________________________________________ 7907 IN SENATE January 3, 2024 ___________ Introduced by Sens. PARKER, SEPULVEDA -- read twice and ordered printed, and when printed to be committed to the Committee on Internet and Technology AN ACT establishing a commission to study the European Union's general protection data regulation and the current state of cyber security in the state The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. a. The office of information technology services, in 2 consultation with, and using data collected by, the state board of 3 elections, shall establish a commission to study the European Union's 4 general protection data regulation and the current state of cyber secu- 5 rity in the state, to develop legislation to protect people's online 6 personal information. 7 b. Such commission shall consist of eleven members to be appointed by 8 the director of the office of information technology services. Such 9 members shall have knowledge of and expertise in cyber security, tele- 10 communications, internet service delivery, public protection, computer 11 systems and/or computer networks. 12 c. Such commission shall investigate, discuss and make recommendations 13 concerning cyber security issues using the European Union's general 14 protection data regulation as a model involving both the public and 15 private sectors and the necessary steps New York state should take to 16 protect: 17 i. critical cyber infrastructure; 18 ii. financial systems; 19 iii. telecommunications networks; 20 iv. electrical grids; 21 v. security systems; 22 vi. first responder systems and infrastructure; 23 vii. physical infrastructure systems; 24 viii. transportation systems; and 25 ix. any additional sectors of state government and the private sector 26 as the commission deems necessary. EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD06219-01-3S. 7907 2 1 d. The purpose of such commission shall be to promote the development 2 of innovative, actionable policies to ensure that New York state is in 3 the forefront of personal cyber security defense. 4 e. The members of such commission shall receive no compensation for 5 their services, but may receive actual and necessary expenses, and shall 6 not be disqualified for holding any other public office or employment by 7 means of their service as a member of the commission. 8 f. Such commission shall be entitled to request and receive, and shall 9 be provided with, such facilities, resources and data of any agency, 10 department, division, board, bureau, commission, or public authority of 11 the state, as they may reasonably request, to properly carry out their 12 powers, duties and purpose. 13 § 2. No later than one year after the effective date of this act, the 14 office of information technology services shall submit to the governor 15 and the legislature a report regarding the European Union's general 16 protection data regulation and the current state of cyber security in 17 the state. 18 § 3. The office of information technology services shall evaluate such 19 data with the assistance of experts in: 20 a. European Union cyber security; 21 b. voter fraud; 22 c. New York state cyber security; 23 d. cybercrime; and 24 e. hacking. 25 § 4. This act shall take effect immediately.