CALIFORNIA LEGISLATURE 20192020 REGULAR SESSION Assembly Bill No. 2320Introduced by Assembly Member ChauFebruary 14, 2020 An act to add Chapter 2.3 (commencing with Section 10600) to Part 2 of Division 2 of the Public Contract Code, relating to state contracts. LEGISLATIVE COUNSEL'S DIGESTAB 2320, as introduced, Chau. Personal information: contractors: cyber insurance.Existing law, the Information Practices Act of 1977 (IPA), requires an agency, as defined, to maintain and disclose personal information in accordance with specified conditions and limitations to ensure the security and confidentiality of the personal information.Existing law regulates contracts for goods and services entered into by state agencies. Specified violations of provisions in a state contract is a crime.This bill would require a contract with a contractor doing business with a state agency to require that the contractor maintain cyber insurance if the contractor receives or has access to records containing personal information protected under the IPA.By expanding the scope of existing crimes, this bill would impose a state-mandated local program.The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.This bill would provide that no reimbursement is required by this act for a specified reason.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: YES Bill TextThe people of the State of California do enact as follows:SECTION 1. Chapter 2.3 (commencing with Section 10600) is added to Part 2 of Division 2 of the Public Contract Code, to read: CHAPTER 2.3. Contractors: Cyber Insurance10600. For purposes of this chapter, the following definitions apply:(a) Agency has the same meaning as in subdivision (b) of Section 1798.3 of the Civil Code.(b) Contractor means an individual, business, or other entity doing business with an agency.(c) Personal information has the same meaning as in subdivision (a) of Section 1798.3 of the Civil Code.(d) Record has the same meaning as in subdivision (g) of Section 1798.3 of the Civil Code.10601. If the contract contemplates that, in the course of doing business with an agency, a contractor will receive or have access to records containing personal information protected under the Information Practices Act of 1977 (Title 1.8 (commencing with Section 1798) of Part 4 of Division 3 of the Civil Code), the contract shall require the contractor to carry cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information, in an amount determined by the contracting agency.SEC. 2. No reimbursement is required by this act pursuant to Section 6 of Article XIIIB of the California Constitution because the only costs that may be incurred by a local agency or school district will be incurred because this act creates a new crime or infraction, eliminates a crime or infraction, or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIIIB of the California Constitution.
CALIFORNIA LEGISLATURE 20192020 REGULAR SESSION Assembly Bill No. 2320Introduced by Assembly Member ChauFebruary 14, 2020 An act to add Chapter 2.3 (commencing with Section 10600) to Part 2 of Division 2 of the Public Contract Code, relating to state contracts. LEGISLATIVE COUNSEL'S DIGESTAB 2320, as introduced, Chau. Personal information: contractors: cyber insurance.Existing law, the Information Practices Act of 1977 (IPA), requires an agency, as defined, to maintain and disclose personal information in accordance with specified conditions and limitations to ensure the security and confidentiality of the personal information.Existing law regulates contracts for goods and services entered into by state agencies. Specified violations of provisions in a state contract is a crime.This bill would require a contract with a contractor doing business with a state agency to require that the contractor maintain cyber insurance if the contractor receives or has access to records containing personal information protected under the IPA.By expanding the scope of existing crimes, this bill would impose a state-mandated local program.The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.This bill would provide that no reimbursement is required by this act for a specified reason.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: YES
CALIFORNIA LEGISLATURE 20192020 REGULAR SESSION
Assembly Bill
No. 2320
Introduced by Assembly Member ChauFebruary 14, 2020
Introduced by Assembly Member Chau
February 14, 2020
An act to add Chapter 2.3 (commencing with Section 10600) to Part 2 of Division 2 of the Public Contract Code, relating to state contracts.
LEGISLATIVE COUNSEL'S DIGEST
## LEGISLATIVE COUNSEL'S DIGEST
AB 2320, as introduced, Chau. Personal information: contractors: cyber insurance.
Existing law, the Information Practices Act of 1977 (IPA), requires an agency, as defined, to maintain and disclose personal information in accordance with specified conditions and limitations to ensure the security and confidentiality of the personal information.Existing law regulates contracts for goods and services entered into by state agencies. Specified violations of provisions in a state contract is a crime.This bill would require a contract with a contractor doing business with a state agency to require that the contractor maintain cyber insurance if the contractor receives or has access to records containing personal information protected under the IPA.By expanding the scope of existing crimes, this bill would impose a state-mandated local program.The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.This bill would provide that no reimbursement is required by this act for a specified reason.
Existing law, the Information Practices Act of 1977 (IPA), requires an agency, as defined, to maintain and disclose personal information in accordance with specified conditions and limitations to ensure the security and confidentiality of the personal information.
Existing law regulates contracts for goods and services entered into by state agencies. Specified violations of provisions in a state contract is a crime.
This bill would require a contract with a contractor doing business with a state agency to require that the contractor maintain cyber insurance if the contractor receives or has access to records containing personal information protected under the IPA.
By expanding the scope of existing crimes, this bill would impose a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.
## Digest Key
## Bill Text
The people of the State of California do enact as follows:SECTION 1. Chapter 2.3 (commencing with Section 10600) is added to Part 2 of Division 2 of the Public Contract Code, to read: CHAPTER 2.3. Contractors: Cyber Insurance10600. For purposes of this chapter, the following definitions apply:(a) Agency has the same meaning as in subdivision (b) of Section 1798.3 of the Civil Code.(b) Contractor means an individual, business, or other entity doing business with an agency.(c) Personal information has the same meaning as in subdivision (a) of Section 1798.3 of the Civil Code.(d) Record has the same meaning as in subdivision (g) of Section 1798.3 of the Civil Code.10601. If the contract contemplates that, in the course of doing business with an agency, a contractor will receive or have access to records containing personal information protected under the Information Practices Act of 1977 (Title 1.8 (commencing with Section 1798) of Part 4 of Division 3 of the Civil Code), the contract shall require the contractor to carry cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information, in an amount determined by the contracting agency.SEC. 2. No reimbursement is required by this act pursuant to Section 6 of Article XIIIB of the California Constitution because the only costs that may be incurred by a local agency or school district will be incurred because this act creates a new crime or infraction, eliminates a crime or infraction, or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIIIB of the California Constitution.
The people of the State of California do enact as follows:
## The people of the State of California do enact as follows:
SECTION 1. Chapter 2.3 (commencing with Section 10600) is added to Part 2 of Division 2 of the Public Contract Code, to read: CHAPTER 2.3. Contractors: Cyber Insurance10600. For purposes of this chapter, the following definitions apply:(a) Agency has the same meaning as in subdivision (b) of Section 1798.3 of the Civil Code.(b) Contractor means an individual, business, or other entity doing business with an agency.(c) Personal information has the same meaning as in subdivision (a) of Section 1798.3 of the Civil Code.(d) Record has the same meaning as in subdivision (g) of Section 1798.3 of the Civil Code.10601. If the contract contemplates that, in the course of doing business with an agency, a contractor will receive or have access to records containing personal information protected under the Information Practices Act of 1977 (Title 1.8 (commencing with Section 1798) of Part 4 of Division 3 of the Civil Code), the contract shall require the contractor to carry cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information, in an amount determined by the contracting agency.
SECTION 1. Chapter 2.3 (commencing with Section 10600) is added to Part 2 of Division 2 of the Public Contract Code, to read:
### SECTION 1.
CHAPTER 2.3. Contractors: Cyber Insurance10600. For purposes of this chapter, the following definitions apply:(a) Agency has the same meaning as in subdivision (b) of Section 1798.3 of the Civil Code.(b) Contractor means an individual, business, or other entity doing business with an agency.(c) Personal information has the same meaning as in subdivision (a) of Section 1798.3 of the Civil Code.(d) Record has the same meaning as in subdivision (g) of Section 1798.3 of the Civil Code.10601. If the contract contemplates that, in the course of doing business with an agency, a contractor will receive or have access to records containing personal information protected under the Information Practices Act of 1977 (Title 1.8 (commencing with Section 1798) of Part 4 of Division 3 of the Civil Code), the contract shall require the contractor to carry cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information, in an amount determined by the contracting agency.
CHAPTER 2.3. Contractors: Cyber Insurance10600. For purposes of this chapter, the following definitions apply:(a) Agency has the same meaning as in subdivision (b) of Section 1798.3 of the Civil Code.(b) Contractor means an individual, business, or other entity doing business with an agency.(c) Personal information has the same meaning as in subdivision (a) of Section 1798.3 of the Civil Code.(d) Record has the same meaning as in subdivision (g) of Section 1798.3 of the Civil Code.10601. If the contract contemplates that, in the course of doing business with an agency, a contractor will receive or have access to records containing personal information protected under the Information Practices Act of 1977 (Title 1.8 (commencing with Section 1798) of Part 4 of Division 3 of the Civil Code), the contract shall require the contractor to carry cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information, in an amount determined by the contracting agency.
CHAPTER 2.3. Contractors: Cyber Insurance
CHAPTER 2.3. Contractors: Cyber Insurance
10600. For purposes of this chapter, the following definitions apply:(a) Agency has the same meaning as in subdivision (b) of Section 1798.3 of the Civil Code.(b) Contractor means an individual, business, or other entity doing business with an agency.(c) Personal information has the same meaning as in subdivision (a) of Section 1798.3 of the Civil Code.(d) Record has the same meaning as in subdivision (g) of Section 1798.3 of the Civil Code.
10600. For purposes of this chapter, the following definitions apply:
(a) Agency has the same meaning as in subdivision (b) of Section 1798.3 of the Civil Code.
(b) Contractor means an individual, business, or other entity doing business with an agency.
(c) Personal information has the same meaning as in subdivision (a) of Section 1798.3 of the Civil Code.
(d) Record has the same meaning as in subdivision (g) of Section 1798.3 of the Civil Code.
10601. If the contract contemplates that, in the course of doing business with an agency, a contractor will receive or have access to records containing personal information protected under the Information Practices Act of 1977 (Title 1.8 (commencing with Section 1798) of Part 4 of Division 3 of the Civil Code), the contract shall require the contractor to carry cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information, in an amount determined by the contracting agency.
10601. If the contract contemplates that, in the course of doing business with an agency, a contractor will receive or have access to records containing personal information protected under the Information Practices Act of 1977 (Title 1.8 (commencing with Section 1798) of Part 4 of Division 3 of the Civil Code), the contract shall require the contractor to carry cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information, in an amount determined by the contracting agency.
SEC. 2. No reimbursement is required by this act pursuant to Section 6 of Article XIIIB of the California Constitution because the only costs that may be incurred by a local agency or school district will be incurred because this act creates a new crime or infraction, eliminates a crime or infraction, or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIIIB of the California Constitution.
SEC. 2. No reimbursement is required by this act pursuant to Section 6 of Article XIIIB of the California Constitution because the only costs that may be incurred by a local agency or school district will be incurred because this act creates a new crime or infraction, eliminates a crime or infraction, or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIIIB of the California Constitution.
SEC. 2. No reimbursement is required by this act pursuant to Section 6 of Article XIIIB of the California Constitution because the only costs that may be incurred by a local agency or school district will be incurred because this act creates a new crime or infraction, eliminates a crime or infraction, or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIIIB of the California Constitution.
### SEC. 2.