Amended IN Assembly May 04, 2020 CALIFORNIA LEGISLATURE 20192020 REGULAR SESSION Assembly Bill No. 2326Introduced by Assembly Member SalasFebruary 14, 2020 An act to add Article 8.5 (commencing with Section 35265) to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, relating to school security.LEGISLATIVE COUNSEL'S DIGESTAB 2326, as amended, Salas. School cybersecurity.Existing law authorizes the governing board of a school district to establish a security department under the supervision of a chief of security as designated by, and under the direction of, the superintendent of the school district. Existing law prohibits a school district from permitting access to pupil records to a person without written parental consent or under judicial order except as authorized by specified state and federal law.Existing law requires the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center with a primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. This bill would state the intent of the Legislature to enact future legislation relating to school cybersecurity.This bill would require a local educational agency, as defined, to report any cyberattack, as defined, to the California Cybersecurity Integration Center and to designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center. The bill would require the cybersecurity coordinator to notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed. The bill would require the California Cybersecurity Integration Center to establish a database that tracks reports of cyberattacks submitted by local educational agencies and require the California Cybersecurity Integration Center to annually report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.By imposing new duties on local educational agencies, the bill would constitute a state-mandated local program.The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: NOYES Local Program: NOYES Bill TextThe people of the State of California do enact as follows:SECTION 1. Article 8.5 (commencing with Section 35265) is added to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, to read: Article 8.5. Cybersecurity35265. For purposes of this article, the following definitions apply:(a) Cyberattack means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.(b) Local educational agency means the governing body of a school district, county board of education, or state special school.35266. (a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.(b) (1) A local educational agency shall designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center.(2) The cybersecurity coordinator of a local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.(c) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. By July 1, 2021, and by each July 1 thereafter, the California Cybersecurity Integration Center shall report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.(2) A report to be submitted pursuant to paragraph (1) shall be submitted in compliance with Section 9795 of the Government Code.SEC. 2. If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code.SECTION 1.It is the intent of the Legislature to enact future legislation relating to school cybersecurity.
Amended IN Assembly May 04, 2020 CALIFORNIA LEGISLATURE 20192020 REGULAR SESSION Assembly Bill No. 2326Introduced by Assembly Member SalasFebruary 14, 2020 An act to add Article 8.5 (commencing with Section 35265) to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, relating to school security.LEGISLATIVE COUNSEL'S DIGESTAB 2326, as amended, Salas. School cybersecurity.Existing law authorizes the governing board of a school district to establish a security department under the supervision of a chief of security as designated by, and under the direction of, the superintendent of the school district. Existing law prohibits a school district from permitting access to pupil records to a person without written parental consent or under judicial order except as authorized by specified state and federal law.Existing law requires the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center with a primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. This bill would state the intent of the Legislature to enact future legislation relating to school cybersecurity.This bill would require a local educational agency, as defined, to report any cyberattack, as defined, to the California Cybersecurity Integration Center and to designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center. The bill would require the cybersecurity coordinator to notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed. The bill would require the California Cybersecurity Integration Center to establish a database that tracks reports of cyberattacks submitted by local educational agencies and require the California Cybersecurity Integration Center to annually report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.By imposing new duties on local educational agencies, the bill would constitute a state-mandated local program.The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: NOYES Local Program: NOYES
Amended IN Assembly May 04, 2020
Amended IN Assembly May 04, 2020
CALIFORNIA LEGISLATURE 20192020 REGULAR SESSION
Assembly Bill
No. 2326
Introduced by Assembly Member SalasFebruary 14, 2020
Introduced by Assembly Member Salas
February 14, 2020
An act to add Article 8.5 (commencing with Section 35265) to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, relating to school security.
LEGISLATIVE COUNSEL'S DIGEST
## LEGISLATIVE COUNSEL'S DIGEST
AB 2326, as amended, Salas. School cybersecurity.
Existing law authorizes the governing board of a school district to establish a security department under the supervision of a chief of security as designated by, and under the direction of, the superintendent of the school district. Existing law prohibits a school district from permitting access to pupil records to a person without written parental consent or under judicial order except as authorized by specified state and federal law.Existing law requires the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center with a primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. This bill would state the intent of the Legislature to enact future legislation relating to school cybersecurity.This bill would require a local educational agency, as defined, to report any cyberattack, as defined, to the California Cybersecurity Integration Center and to designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center. The bill would require the cybersecurity coordinator to notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed. The bill would require the California Cybersecurity Integration Center to establish a database that tracks reports of cyberattacks submitted by local educational agencies and require the California Cybersecurity Integration Center to annually report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.By imposing new duties on local educational agencies, the bill would constitute a state-mandated local program.The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.
Existing law authorizes the governing board of a school district to establish a security department under the supervision of a chief of security as designated by, and under the direction of, the superintendent of the school district.
Existing law prohibits a school district from permitting access to pupil records to a person without written parental consent or under judicial order except as authorized by specified state and federal law.
Existing law requires the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center with a primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.
This bill would state the intent of the Legislature to enact future legislation relating to school cybersecurity.
This bill would require a local educational agency, as defined, to report any cyberattack, as defined, to the California Cybersecurity Integration Center and to designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center. The bill would require the cybersecurity coordinator to notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed. The bill would require the California Cybersecurity Integration Center to establish a database that tracks reports of cyberattacks submitted by local educational agencies and require the California Cybersecurity Integration Center to annually report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.
By imposing new duties on local educational agencies, the bill would constitute a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.
## Digest Key
## Bill Text
The people of the State of California do enact as follows:SECTION 1. Article 8.5 (commencing with Section 35265) is added to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, to read: Article 8.5. Cybersecurity35265. For purposes of this article, the following definitions apply:(a) Cyberattack means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.(b) Local educational agency means the governing body of a school district, county board of education, or state special school.35266. (a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.(b) (1) A local educational agency shall designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center.(2) The cybersecurity coordinator of a local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.(c) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. By July 1, 2021, and by each July 1 thereafter, the California Cybersecurity Integration Center shall report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.(2) A report to be submitted pursuant to paragraph (1) shall be submitted in compliance with Section 9795 of the Government Code.SEC. 2. If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code.SECTION 1.It is the intent of the Legislature to enact future legislation relating to school cybersecurity.
The people of the State of California do enact as follows:
## The people of the State of California do enact as follows:
SECTION 1. Article 8.5 (commencing with Section 35265) is added to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, to read: Article 8.5. Cybersecurity35265. For purposes of this article, the following definitions apply:(a) Cyberattack means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.(b) Local educational agency means the governing body of a school district, county board of education, or state special school.35266. (a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.(b) (1) A local educational agency shall designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center.(2) The cybersecurity coordinator of a local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.(c) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. By July 1, 2021, and by each July 1 thereafter, the California Cybersecurity Integration Center shall report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.(2) A report to be submitted pursuant to paragraph (1) shall be submitted in compliance with Section 9795 of the Government Code.
SECTION 1. Article 8.5 (commencing with Section 35265) is added to Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code, to read:
### SECTION 1.
Article 8.5. Cybersecurity35265. For purposes of this article, the following definitions apply:(a) Cyberattack means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.(b) Local educational agency means the governing body of a school district, county board of education, or state special school.35266. (a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.(b) (1) A local educational agency shall designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center.(2) The cybersecurity coordinator of a local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.(c) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. By July 1, 2021, and by each July 1 thereafter, the California Cybersecurity Integration Center shall report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.(2) A report to be submitted pursuant to paragraph (1) shall be submitted in compliance with Section 9795 of the Government Code.
Article 8.5. Cybersecurity35265. For purposes of this article, the following definitions apply:(a) Cyberattack means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.(b) Local educational agency means the governing body of a school district, county board of education, or state special school.35266. (a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.(b) (1) A local educational agency shall designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center.(2) The cybersecurity coordinator of a local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.(c) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. By July 1, 2021, and by each July 1 thereafter, the California Cybersecurity Integration Center shall report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.(2) A report to be submitted pursuant to paragraph (1) shall be submitted in compliance with Section 9795 of the Government Code.
Article 8.5. Cybersecurity
Article 8.5. Cybersecurity
35265. For purposes of this article, the following definitions apply:(a) Cyberattack means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.(b) Local educational agency means the governing body of a school district, county board of education, or state special school.
35265. For purposes of this article, the following definitions apply:
(a) Cyberattack means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or computer network.
(b) Local educational agency means the governing body of a school district, county board of education, or state special school.
35266. (a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.(b) (1) A local educational agency shall designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center.(2) The cybersecurity coordinator of a local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.(c) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. By July 1, 2021, and by each July 1 thereafter, the California Cybersecurity Integration Center shall report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.(2) A report to be submitted pursuant to paragraph (1) shall be submitted in compliance with Section 9795 of the Government Code.
35266. (a) A local educational agency shall report any cyberattack to the California Cybersecurity Integration Center, established by the Office of Emergency Services pursuant to Section 8586.5 of the Government Code.
(b) (1) A local educational agency shall designate a cybersecurity coordinator to serve as a liaison in cybersecurity matters between the local educational agency and the California Cybersecurity Integration Center.
(2) The cybersecurity coordinator of a local educational agency shall notify the parent or legal guardian of a pupil that a cyberattack has occurred if records pertaining to the pupil may have been accessed.
(c) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. By July 1, 2021, and by each July 1 thereafter, the California Cybersecurity Integration Center shall report to the Legislature on the state of cybersecurity in the states local educational agencies, with recommendations for any improvements.
(2) A report to be submitted pursuant to paragraph (1) shall be submitted in compliance with Section 9795 of the Government Code.
SEC. 2. If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code.
SEC. 2. If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code.
SEC. 2. If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code.
### SEC. 2.
It is the intent of the Legislature to enact future legislation relating to school cybersecurity.