| Old | New | Differences | |
|---|---|---|---|
| 1 | - | ||
| 1 | + | Amended IN Senate September 06, 2017 Amended IN Assembly April 20, 2017 CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 531Introduced by Assembly Member IrwinFebruary 13, 2017 An act to add Section 11549.2 to the Government Code, relating to information security. LEGISLATIVE COUNSEL'S DIGESTAB 531, as amended, Irwin. Office of Information Security: information security technologies.Existing law establishes the Office of Information Security within the Department of Technology, under the supervision of the Chief of the Office of Information Security, and requires the chief to establish an information security program. Existing law authorizes the office to conduct, or require to be conducted, an independent security assessment of any state agency, department, or office, the cost of which is to be funded by the state agency, department, or office being assessed.This bill would require the office, on or before January July 1, 2019, to review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content, as defined, inside or outside the firewall of state agencies. The bill would require the office, following the review, to develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content of a state agency.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. Section 11549.2 is added to the Government Code, to read:11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before January July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies. Digital content may include, but is not limited to: common desktop applications such as word processing, presentations, and spreadsheets; portable document format (PDF); computer-aided design (CAD); photographs; and videos.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 2 | 2 | ||
| 3 | - | ||
| 3 | + | Amended IN Senate September 06, 2017 Amended IN Assembly April 20, 2017 CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 531Introduced by Assembly Member IrwinFebruary 13, 2017 An act to add Section 11549.2 to the Government Code, relating to information security. LEGISLATIVE COUNSEL'S DIGESTAB 531, as amended, Irwin. Office of Information Security: information security technologies.Existing law establishes the Office of Information Security within the Department of Technology, under the supervision of the Chief of the Office of Information Security, and requires the chief to establish an information security program. Existing law authorizes the office to conduct, or require to be conducted, an independent security assessment of any state agency, department, or office, the cost of which is to be funded by the state agency, department, or office being assessed.This bill would require the office, on or before January July 1, 2019, to review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content, as defined, inside or outside the firewall of state agencies. The bill would require the office, following the review, to develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content of a state agency.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO | |
| 4 | 4 | ||
| 5 | - | ||
| 5 | + | Amended IN Senate September 06, 2017 Amended IN Assembly April 20, 2017 | |
| 6 | 6 | ||
| 7 | - | Enrolled September 15, 2017 | |
| 8 | - | Passed IN Senate September 11, 2017 | |
| 9 | - | Passed IN Assembly September 13, 2017 | |
| 10 | 7 | Amended IN Senate September 06, 2017 | |
| 11 | 8 | Amended IN Assembly April 20, 2017 | |
| 12 | 9 | ||
| 13 | 10 | CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION | |
| 14 | 11 | ||
| 15 | 12 | Assembly Bill No. 531 | |
| 16 | 13 | ||
| 17 | 14 | Introduced by Assembly Member IrwinFebruary 13, 2017 | |
| 18 | 15 | ||
| 19 | 16 | Introduced by Assembly Member Irwin | |
| 20 | 17 | February 13, 2017 | |
| 21 | 18 | ||
| 22 | 19 | An act to add Section 11549.2 to the Government Code, relating to information security. | |
| 23 | 20 | ||
| 24 | 21 | LEGISLATIVE COUNSEL'S DIGEST | |
| 25 | 22 | ||
| 26 | 23 | ## LEGISLATIVE COUNSEL'S DIGEST | |
| 27 | 24 | ||
| 28 | - | AB 531, Irwin. Office of Information Security: information security technologies. | |
| 25 | + | AB 531, as amended, Irwin. Office of Information Security: information security technologies. | |
| 29 | 26 | ||
| 30 | - | Existing law establishes the Office of Information Security within the Department of Technology, under the supervision of the Chief of the Office of Information Security, and requires the chief to establish an information security program. Existing law authorizes the office to conduct, or require to be conducted, an independent security assessment of any state agency, department, or office, the cost of which is to be funded by the state agency, department, or office being assessed.This bill would require the office, on or before July 1, 2019, to review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content, as defined, inside or outside the firewall of state agencies. The bill would require the office, following the review, to develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content of a state agency. | |
| 27 | + | Existing law establishes the Office of Information Security within the Department of Technology, under the supervision of the Chief of the Office of Information Security, and requires the chief to establish an information security program. Existing law authorizes the office to conduct, or require to be conducted, an independent security assessment of any state agency, department, or office, the cost of which is to be funded by the state agency, department, or office being assessed.This bill would require the office, on or before January July 1, 2019, to review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content, as defined, inside or outside the firewall of state agencies. The bill would require the office, following the review, to develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content of a state agency. | |
| 31 | 28 | ||
| 32 | 29 | Existing law establishes the Office of Information Security within the Department of Technology, under the supervision of the Chief of the Office of Information Security, and requires the chief to establish an information security program. Existing law authorizes the office to conduct, or require to be conducted, an independent security assessment of any state agency, department, or office, the cost of which is to be funded by the state agency, department, or office being assessed. | |
| 33 | 30 | ||
| 34 | - | This bill would require the office, on or before July 1, 2019, to review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content, as defined, inside or outside the firewall of state agencies. The bill would require the office, following the review, to develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content of a state agency. | |
| 31 | + | This bill would require the office, on or before January July 1, 2019, to review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content, as defined, inside or outside the firewall of state agencies. The bill would require the office, following the review, to develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content of a state agency. | |
| 35 | 32 | ||
| 36 | 33 | ## Digest Key | |
| 37 | 34 | ||
| 38 | 35 | ## Bill Text | |
| 39 | 36 | ||
| 40 | - | The people of the State of California do enact as follows:SECTION 1. Section 11549.2 is added to the Government Code, to read:11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 37 | + | The people of the State of California do enact as follows:SECTION 1. Section 11549.2 is added to the Government Code, to read:11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before January July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies. Digital content may include, but is not limited to: common desktop applications such as word processing, presentations, and spreadsheets; portable document format (PDF); computer-aided design (CAD); photographs; and videos.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 41 | 38 | ||
| 42 | 39 | The people of the State of California do enact as follows: | |
| 43 | 40 | ||
| 44 | 41 | ## The people of the State of California do enact as follows: | |
| 45 | 42 | ||
| 46 | - | SECTION 1. Section 11549.2 is added to the Government Code, to read:11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 43 | + | SECTION 1. Section 11549.2 is added to the Government Code, to read:11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before January July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies. Digital content may include, but is not limited to: common desktop applications such as word processing, presentations, and spreadsheets; portable document format (PDF); computer-aided design (CAD); photographs; and videos.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 47 | 44 | ||
| 48 | 45 | SECTION 1. Section 11549.2 is added to the Government Code, to read: | |
| 49 | 46 | ||
| 50 | 47 | ### SECTION 1. | |
| 51 | 48 | ||
| 52 | - | 11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 49 | + | 11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before January July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies. Digital content may include, but is not limited to: common desktop applications such as word processing, presentations, and spreadsheets; portable document format (PDF); computer-aided design (CAD); photographs; and videos.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 53 | 50 | ||
| 54 | - | 11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 51 | + | 11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before January July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies. Digital content may include, but is not limited to: common desktop applications such as word processing, presentations, and spreadsheets; portable document format (PDF); computer-aided design (CAD); photographs; and videos.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 55 | 52 | ||
| 56 | - | 11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 53 | + | 11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before January July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies. Digital content may include, but is not limited to: common desktop applications such as word processing, presentations, and spreadsheets; portable document format (PDF); computer-aided design (CAD); photographs; and videos.(b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency.(c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).(d) For purposes of this section, digital content may include, but is not limited to, any of the following:(1) Common desktop applications, including word processing, presentations, and spreadsheets.(2) Portable document format (PDF).(3) Computer-aided design.(4) Photographs.(5) Videos. | |
| 57 | 54 | ||
| 58 | 55 | ||
| 59 | 56 | ||
| 60 | - | 11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies. | |
| 57 | + | 11549.2. (a) In addition to the information security program responsibilities established in Section 11549.3, on or before January July 1, 2019, the office shall review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content inside or outside the firewall of state agencies. Digital content may include, but is not limited to: common desktop applications such as word processing, presentations, and spreadsheets; portable document format (PDF); computer-aided design (CAD); photographs; and videos. | |
| 61 | 58 | ||
| 62 | 59 | (b) Following the review pursuant to subdivision (a), the office shall develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of the sensitive digital content of a state agency. | |
| 63 | 60 | ||
| 64 | 61 | (c) Nothing in this section shall be construed to affect the application of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1). | |
| 65 | 62 | ||
| 66 | 63 | (d) For purposes of this section, digital content may include, but is not limited to, any of the following: | |
| 67 | 64 | ||
| 68 | 65 | (1) Common desktop applications, including word processing, presentations, and spreadsheets. | |
| 69 | 66 | ||
| 70 | 67 | (2) Portable document format (PDF). | |
| 71 | 68 | ||
| 72 | 69 | (3) Computer-aided design. | |
| 73 | 70 | ||
| 74 | 71 | (4) Photographs. | |
| 75 | 72 | ||
| 76 | 73 | (5) Videos. |