| Old | New | Differences | |
|---|---|---|---|
| 1 | - | ||
| 1 | + | CALIFORNIA LEGISLATURE 20212022 REGULAR SESSION Assembly Bill No. 327Introduced by Assembly Member KileyJanuary 26, 2021 An act to amend Section 8586.5 of the Government Code, relating to state government. LEGISLATIVE COUNSEL'S DIGESTAB 327, as introduced, Kiley. California Cybersecurity Integration Center: representatives: California Privacy Protection Agency.Existing law establishes the California Cybersecurity Integration Center (Cal-CSIC) within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires Cal-CSIC to be comprised of representatives from, among others, the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and the California Utilities Emergency Association. Existing law, the California Consumer Privacy Act of 2018, grants a consumer various rights with regard to the consumers personal information retained by a business. Existing law, the California Privacy Rights Act of 2020, an initiative measure, establishes the California Privacy Protection Agency to implement and enforce the California Consumer Privacy Act. Existing law requires the agency to perform specified functions, including cooperating with other agencies with jurisdiction over privacy laws and with data processing authorities in the state to ensure consistent application of privacy protections. This bill would add the California Privacy Protection Agency as one of the organizations whose representatives comprise the California Cybersecurity Integration Center.This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020. Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. Section 8586.5 of the Government Code is amended to read:8586.5. (a) The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Centers primary mission is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from the following organizations:(1) The Office of Emergency Services.(2) The Office of Information Security.(3) The State Threat Assessment Center.(4) The Department of the California Highway Patrol.(5) The Military Department.(6) The Office of the Attorney General.(7) The California Health and Human Services Agency.(8) The California Utilities Emergency Association.(9) The California Privacy Protection Agency. (9)(10) The California State University.(10)(11) The University of California.(11)(12) The California Community Colleges.(12)(13) The United States Department of Homeland Security.(13)(14) The United States Federal Bureau of Investigation.(14)(15) The United States Secret Service.(15)(16) The United States Coast Guard.(16)(17) Other members as designated by the Director of Emergency Services.(b) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure and information technology networks, prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks, enable cross-sector coordination and sharing of recommended best practices and security measures, and support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(c) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall be developed to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy shall also strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(d) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also assist law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented in the California Cybersecurity Integration Center.(e) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security.SEC. 2. The Legislature finds and declares that this act furthers the purposes and intent of the California Privacy Rights Act of 2020 by ensuring consumers rights, including the constitutional right to privacy, are protected in the California Cybersecurity Integration Centers planning as it aims to reduce the likelihood and severity of cyber incidents in the state. | |
| 2 | 2 | ||
| 3 | - | ||
| 3 | + | CALIFORNIA LEGISLATURE 20212022 REGULAR SESSION Assembly Bill No. 327Introduced by Assembly Member KileyJanuary 26, 2021 An act to amend Section 8586.5 of the Government Code, relating to state government. LEGISLATIVE COUNSEL'S DIGESTAB 327, as introduced, Kiley. California Cybersecurity Integration Center: representatives: California Privacy Protection Agency.Existing law establishes the California Cybersecurity Integration Center (Cal-CSIC) within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires Cal-CSIC to be comprised of representatives from, among others, the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and the California Utilities Emergency Association. Existing law, the California Consumer Privacy Act of 2018, grants a consumer various rights with regard to the consumers personal information retained by a business. Existing law, the California Privacy Rights Act of 2020, an initiative measure, establishes the California Privacy Protection Agency to implement and enforce the California Consumer Privacy Act. Existing law requires the agency to perform specified functions, including cooperating with other agencies with jurisdiction over privacy laws and with data processing authorities in the state to ensure consistent application of privacy protections. This bill would add the California Privacy Protection Agency as one of the organizations whose representatives comprise the California Cybersecurity Integration Center.This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020. Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO | |
| 4 | 4 | ||
| 5 | - | Amended IN Assembly April 14, 2021 | |
| 6 | 5 | ||
| 7 | - | Amended IN Assembly April 14, 2021 | |
| 6 | + | ||
| 7 | + | ||
| 8 | 8 | ||
| 9 | 9 | CALIFORNIA LEGISLATURE 20212022 REGULAR SESSION | |
| 10 | 10 | ||
| 11 | 11 | Assembly Bill | |
| 12 | 12 | ||
| 13 | 13 | No. 327 | |
| 14 | 14 | ||
| 15 | 15 | Introduced by Assembly Member KileyJanuary 26, 2021 | |
| 16 | 16 | ||
| 17 | 17 | Introduced by Assembly Member Kiley | |
| 18 | 18 | January 26, 2021 | |
| 19 | 19 | ||
| 20 | - | An act to amend Section 8586.5 | |
| 20 | + | An act to amend Section 8586.5 of the Government Code, relating to state government. | |
| 21 | 21 | ||
| 22 | 22 | LEGISLATIVE COUNSEL'S DIGEST | |
| 23 | 23 | ||
| 24 | 24 | ## LEGISLATIVE COUNSEL'S DIGEST | |
| 25 | 25 | ||
| 26 | - | AB 327, as | |
| 26 | + | AB 327, as introduced, Kiley. California Cybersecurity Integration Center: representatives: California Privacy Protection Agency. | |
| 27 | 27 | ||
| 28 | - | Existing law regulates the disclosure of personal information related to, among others, social security numbers, business records, drivers license numbers, medical information, and credit reporting information. Existing law prohibits discrimination against a person on certain characteristics, including, among others, disability, medical condition, and genetic information, as specified. Existing law also prohibits compelling a person in any state, county, city, or other local civil, criminal, administrative, legislative, or other proceedings to identify or provide identifying characteristics that would identify any individual who is the subject of an HIV test, except as specified.Existing federal law, the Federal Food, Drug, and Cosmetic Act, authorizes the United States Secretary of Health and Human Services to authorize the introduction into interstate commerce of a drug, device, or biological product, including, among others, a vaccine, intended for use in an actual or potential emergency if the Secretary has made a declaration that the circumstances exist justifying that authorization on the basis of a determination by the Secretary that there is a public health emergency, or a significant potential for a public health emergency, as specified. On February 4, 2020, the Secretary determined there was such a public health emergency involving the novel coronavirus that causes the illness Coronavirus Disease 2019 (COVID-19). On the basis of that determination, the Secretary on March 27, 2020, declared that circumstances exist justifying the authorization of emergency use of drugs and biological products during the COVID-19 pandemic. Since December 11, 2020, the federal Food and Drug Administration, under authority delegated to it by the Secretary, has issued emergency use authorizations for 3 vaccines for the prevention of COVID-19.This bill would prohibit state agencies, local governments, and any other state governmental authority from adopting or enforcing any order, ordinance, policy, regulation, rule, or similar measure that requires an individual to provide, as a condition of receiving any service or entering any place, documentation regarding the individuals vaccination status for any COVID-19 vaccine administered under an emergency use authorization. By prohibiting local governments from adopting or enforcing such measures, this bill would impose a state-mandated local program.The bill would prohibit any public or private entity that receives or is awarded state funds through any means, as specified, from requiring a member of the public to provide, as a condition of receipt of any service or entrance to any place, documentation regarding the persons vaccination status for any COVID-19 vaccine administered under an emergency use authorization.The bill would make related findings and declarations.The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.Existing law establishes the California Cybersecurity Integration Center (Cal-CSIC) within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires Cal-CSIC to be comprised of representatives from, among others, the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and the California Utilities Emergency Association. Existing law, the California Consumer Privacy Act of 2018, grants a consumer various rights with regard to the consumers personal information retained by a business. Existing law, the California Privacy Rights Act of 2020, an initiative measure, establishes the California Privacy Protection Agency to implement and enforce the California Consumer Privacy Act. Existing law requires the agency to perform specified functions, including cooperating with other agencies with jurisdiction over privacy laws and with data processing authorities in the state to ensure consistent application of privacy protections.This bill would add the California Privacy Protection Agency as one of the organizations whose representatives comprise the California Cybersecurity Integration Center.This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020. | |
| 29 | - | ||
| 30 | - | Existing law regulates the disclosure of personal information related to, among others, social security numbers, business records, drivers license numbers, medical information, and credit reporting information. Existing law prohibits discrimination against a person on certain characteristics, including, among others, disability, medical condition, and genetic information, as specified. Existing law also prohibits compelling a person in any state, county, city, or other local civil, criminal, administrative, legislative, or other proceedings to identify or provide identifying characteristics that would identify any individual who is the subject of an HIV test, except as specified. | |
| 31 | - | ||
| 32 | - | Existing federal law, the Federal Food, Drug, and Cosmetic Act, authorizes the United States Secretary of Health and Human Services to authorize the introduction into interstate commerce of a drug, device, or biological product, including, among others, a vaccine, intended for use in an actual or potential emergency if the Secretary has made a declaration that the circumstances exist justifying that authorization on the basis of a determination by the Secretary that there is a public health emergency, or a significant potential for a public health emergency, as specified. On February 4, 2020, the Secretary determined there was such a public health emergency involving the novel coronavirus that causes the illness Coronavirus Disease 2019 (COVID-19). On the basis of that determination, the Secretary on March 27, 2020, declared that circumstances exist justifying the authorization of emergency use of drugs and biological products during the COVID-19 pandemic. Since December 11, 2020, the federal Food and Drug Administration, under authority delegated to it by the Secretary, has issued emergency use authorizations for 3 vaccines for the prevention of COVID-19. | |
| 33 | - | ||
| 34 | - | This bill would prohibit state agencies, local governments, and any other state governmental authority from adopting or enforcing any order, ordinance, policy, regulation, rule, or similar measure that requires an individual to provide, as a condition of receiving any service or entering any place, documentation regarding the individuals vaccination status for any COVID-19 vaccine administered under an emergency use authorization. By prohibiting local governments from adopting or enforcing such measures, this bill would impose a state-mandated local program. | |
| 35 | - | ||
| 36 | - | The bill would prohibit any public or private entity that receives or is awarded state funds through any means, as specified, from requiring a member of the public to provide, as a condition of receipt of any service or entrance to any place, documentation regarding the persons vaccination status for any COVID-19 vaccine administered under an emergency use authorization. | |
| 37 | - | ||
| 38 | - | The bill would make related findings and declarations. | |
| 39 | - | ||
| 40 | - | The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement. | |
| 41 | - | ||
| 42 | - | This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above. | |
| 28 | + | Existing law establishes the California Cybersecurity Integration Center (Cal-CSIC) within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires Cal-CSIC to be comprised of representatives from, among others, the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and the California Utilities Emergency Association. Existing law, the California Consumer Privacy Act of 2018, grants a consumer various rights with regard to the consumers personal information retained by a business. Existing law, the California Privacy Rights Act of 2020, an initiative measure, establishes the California Privacy Protection Agency to implement and enforce the California Consumer Privacy Act. Existing law requires the agency to perform specified functions, including cooperating with other agencies with jurisdiction over privacy laws and with data processing authorities in the state to ensure consistent application of privacy protections. This bill would add the California Privacy Protection Agency as one of the organizations whose representatives comprise the California Cybersecurity Integration Center.This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020. | |
| 43 | 29 | ||
| 44 | 30 | Existing law establishes the California Cybersecurity Integration Center (Cal-CSIC) within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires Cal-CSIC to be comprised of representatives from, among others, the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and the California Utilities Emergency Association. | |
| 45 | 31 | ||
| 46 | - | ||
| 47 | - | ||
| 48 | 32 | Existing law, the California Consumer Privacy Act of 2018, grants a consumer various rights with regard to the consumers personal information retained by a business. Existing law, the California Privacy Rights Act of 2020, an initiative measure, establishes the California Privacy Protection Agency to implement and enforce the California Consumer Privacy Act. Existing law requires the agency to perform specified functions, including cooperating with other agencies with jurisdiction over privacy laws and with data processing authorities in the state to ensure consistent application of privacy protections. | |
| 49 | - | ||
| 50 | - | ||
| 51 | 33 | ||
| 52 | 34 | This bill would add the California Privacy Protection Agency as one of the organizations whose representatives comprise the California Cybersecurity Integration Center. | |
| 53 | 35 | ||
| 54 | - | ||
| 55 | - | ||
| 56 | 36 | This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020. | |
| 57 | - | ||
| 58 | - | ||
| 59 | 37 | ||
| 60 | 38 | ## Digest Key | |
| 61 | 39 | ||
| 62 | 40 | ## Bill Text | |
| 63 | 41 | ||
| 64 | - | The people of the State of California do enact as follows:SECTION 1. | |
| 42 | + | The people of the State of California do enact as follows:SECTION 1. Section 8586.5 of the Government Code is amended to read:8586.5. (a) The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Centers primary mission is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from the following organizations:(1) The Office of Emergency Services.(2) The Office of Information Security.(3) The State Threat Assessment Center.(4) The Department of the California Highway Patrol.(5) The Military Department.(6) The Office of the Attorney General.(7) The California Health and Human Services Agency.(8) The California Utilities Emergency Association.(9) The California Privacy Protection Agency. (9)(10) The California State University.(10)(11) The University of California.(11)(12) The California Community Colleges.(12)(13) The United States Department of Homeland Security.(13)(14) The United States Federal Bureau of Investigation.(14)(15) The United States Secret Service.(15)(16) The United States Coast Guard.(16)(17) Other members as designated by the Director of Emergency Services.(b) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure and information technology networks, prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks, enable cross-sector coordination and sharing of recommended best practices and security measures, and support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(c) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall be developed to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy shall also strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(d) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also assist law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented in the California Cybersecurity Integration Center.(e) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security.SEC. 2. The Legislature finds and declares that this act furthers the purposes and intent of the California Privacy Rights Act of 2020 by ensuring consumers rights, including the constitutional right to privacy, are protected in the California Cybersecurity Integration Centers planning as it aims to reduce the likelihood and severity of cyber incidents in the state. | |
| 65 | 43 | ||
| 66 | 44 | The people of the State of California do enact as follows: | |
| 67 | 45 | ||
| 68 | 46 | ## The people of the State of California do enact as follows: | |
| 69 | 47 | ||
| 70 | - | SECTION 1. | |
| 48 | + | SECTION 1. Section 8586.5 of the Government Code is amended to read:8586.5. (a) The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Centers primary mission is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from the following organizations:(1) The Office of Emergency Services.(2) The Office of Information Security.(3) The State Threat Assessment Center.(4) The Department of the California Highway Patrol.(5) The Military Department.(6) The Office of the Attorney General.(7) The California Health and Human Services Agency.(8) The California Utilities Emergency Association.(9) The California Privacy Protection Agency. (9)(10) The California State University.(10)(11) The University of California.(11)(12) The California Community Colleges.(12)(13) The United States Department of Homeland Security.(13)(14) The United States Federal Bureau of Investigation.(14)(15) The United States Secret Service.(15)(16) The United States Coast Guard.(16)(17) Other members as designated by the Director of Emergency Services.(b) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure and information technology networks, prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks, enable cross-sector coordination and sharing of recommended best practices and security measures, and support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(c) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall be developed to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy shall also strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(d) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also assist law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented in the California Cybersecurity Integration Center.(e) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security. | |
| 71 | 49 | ||
| 72 | - | SECTION 1. The Legislature finds and declares the following:(a) The Federal Food, Drug, and Cosmetic Act provision authorizing the emergency use authorization of vaccines expressly recognizes that each individual has the option to accept or refuse administration of the product under an emergency use authorization.(b) As of April 8, 2021, California has administered over 21 million COVID-19 vaccines.(c) Vaccination status is private health information and no governmental entity should compel disclosure.(d) The United States Constitution does not authorize the federal government to mandate nationwide vaccine passports for COVID-19. | |
| 73 | - | ||
| 74 | - | SECTION 1. The Legislature finds and declares the following: | |
| 50 | + | SECTION 1. Section 8586.5 of the Government Code is amended to read: | |
| 75 | 51 | ||
| 76 | 52 | ### SECTION 1. | |
| 77 | 53 | ||
| 78 | - | (a) The | |
| 54 | + | 8586.5. (a) The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Centers primary mission is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from the following organizations:(1) The Office of Emergency Services.(2) The Office of Information Security.(3) The State Threat Assessment Center.(4) The Department of the California Highway Patrol.(5) The Military Department.(6) The Office of the Attorney General.(7) The California Health and Human Services Agency.(8) The California Utilities Emergency Association.(9) The California Privacy Protection Agency. (9)(10) The California State University.(10)(11) The University of California.(11)(12) The California Community Colleges.(12)(13) The United States Department of Homeland Security.(13)(14) The United States Federal Bureau of Investigation.(14)(15) The United States Secret Service.(15)(16) The United States Coast Guard.(16)(17) Other members as designated by the Director of Emergency Services.(b) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure and information technology networks, prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks, enable cross-sector coordination and sharing of recommended best practices and security measures, and support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(c) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall be developed to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy shall also strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(d) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also assist law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented in the California Cybersecurity Integration Center.(e) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security. | |
| 79 | 55 | ||
| 80 | - | (b) | |
| 56 | + | 8586.5. (a) The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Centers primary mission is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from the following organizations:(1) The Office of Emergency Services.(2) The Office of Information Security.(3) The State Threat Assessment Center.(4) The Department of the California Highway Patrol.(5) The Military Department.(6) The Office of the Attorney General.(7) The California Health and Human Services Agency.(8) The California Utilities Emergency Association.(9) The California Privacy Protection Agency. (9)(10) The California State University.(10)(11) The University of California.(11)(12) The California Community Colleges.(12)(13) The United States Department of Homeland Security.(13)(14) The United States Federal Bureau of Investigation.(14)(15) The United States Secret Service.(15)(16) The United States Coast Guard.(16)(17) Other members as designated by the Director of Emergency Services.(b) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure and information technology networks, prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks, enable cross-sector coordination and sharing of recommended best practices and security measures, and support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(c) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall be developed to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy shall also strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(d) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also assist law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented in the California Cybersecurity Integration Center.(e) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security. | |
| 81 | 57 | ||
| 82 | - | (c) Vaccination status is private health information and no governmental entity should compel disclosure. | |
| 83 | - | ||
| 84 | - | (d) The United States Constitution does not authorize the federal government to mandate nationwide vaccine passports for COVID-19. | |
| 85 | - | ||
| 86 | - | SEC. 2. Chapter 3.28 (commencing with Section 6218.8) is added to Division 7 of Title 1 of the Government Code, to read: CHAPTER 3.28. Prohibitions on COVID-19 Vaccination Status Disclosure Requirements6218.8. (a) State agencies, local governments, and any other governmental authority shall not adopt or enforce any order, ordinance, policy, regulation, rule, or similar measure that requires an individual to provide as a condition of receiving any service or entering any place, documentation regarding the individuals vaccination status for any COVID-19 vaccine administered under an emergency use authorization.(b) Any public or private entity that receives or is awarded state funds through any means, including, but not limited to, grants, contracts, or loans, shall not require a member of the public to provide, as a condition of receipt of any service or entrance to any place, documentation regarding the persons vaccination status for any COVID-19 vaccine administered under an emergency use authorization. | |
| 87 | - | ||
| 88 | - | SEC. 2. Chapter 3.28 (commencing with Section 6218.8) is added to Division 7 of Title 1 of the Government Code, to read: | |
| 89 | - | ||
| 90 | - | ### SEC. 2. | |
| 91 | - | ||
| 92 | - | CHAPTER 3.28. Prohibitions on COVID-19 Vaccination Status Disclosure Requirements6218.8. (a) State agencies, local governments, and any other governmental authority shall not adopt or enforce any order, ordinance, policy, regulation, rule, or similar measure that requires an individual to provide as a condition of receiving any service or entering any place, documentation regarding the individuals vaccination status for any COVID-19 vaccine administered under an emergency use authorization.(b) Any public or private entity that receives or is awarded state funds through any means, including, but not limited to, grants, contracts, or loans, shall not require a member of the public to provide, as a condition of receipt of any service or entrance to any place, documentation regarding the persons vaccination status for any COVID-19 vaccine administered under an emergency use authorization. | |
| 93 | - | ||
| 94 | - | CHAPTER 3.28. Prohibitions on COVID-19 Vaccination Status Disclosure Requirements6218.8. (a) State agencies, local governments, and any other governmental authority shall not adopt or enforce any order, ordinance, policy, regulation, rule, or similar measure that requires an individual to provide as a condition of receiving any service or entering any place, documentation regarding the individuals vaccination status for any COVID-19 vaccine administered under an emergency use authorization.(b) Any public or private entity that receives or is awarded state funds through any means, including, but not limited to, grants, contracts, or loans, shall not require a member of the public to provide, as a condition of receipt of any service or entrance to any place, documentation regarding the persons vaccination status for any COVID-19 vaccine administered under an emergency use authorization. | |
| 95 | - | ||
| 96 | - | CHAPTER 3.28. Prohibitions on COVID-19 Vaccination Status Disclosure Requirements | |
| 97 | - | ||
| 98 | - | CHAPTER 3.28. Prohibitions on COVID-19 Vaccination Status Disclosure Requirements | |
| 99 | - | ||
| 100 | - | 6218.8. (a) State agencies, local governments, and any other governmental authority shall not adopt or enforce any order, ordinance, policy, regulation, rule, or similar measure that requires an individual to provide as a condition of receiving any service or entering any place, documentation regarding the individuals vaccination status for any COVID-19 vaccine administered under an emergency use authorization.(b) Any public or private entity that receives or is awarded state funds through any means, including, but not limited to, grants, contracts, or loans, shall not require a member of the public to provide, as a condition of receipt of any service or entrance to any place, documentation regarding the persons vaccination status for any COVID-19 vaccine administered under an emergency use authorization. | |
| 58 | + | 8586.5. (a) The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Centers primary mission is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from the following organizations:(1) The Office of Emergency Services.(2) The Office of Information Security.(3) The State Threat Assessment Center.(4) The Department of the California Highway Patrol.(5) The Military Department.(6) The Office of the Attorney General.(7) The California Health and Human Services Agency.(8) The California Utilities Emergency Association.(9) The California Privacy Protection Agency. (9)(10) The California State University.(10)(11) The University of California.(11)(12) The California Community Colleges.(12)(13) The United States Department of Homeland Security.(13)(14) The United States Federal Bureau of Investigation.(14)(15) The United States Secret Service.(15)(16) The United States Coast Guard.(16)(17) Other members as designated by the Director of Emergency Services.(b) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure and information technology networks, prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks, enable cross-sector coordination and sharing of recommended best practices and security measures, and support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(c) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall be developed to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy shall also strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(d) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also assist law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented in the California Cybersecurity Integration Center.(e) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security. | |
| 101 | 59 | ||
| 102 | 60 | ||
| 103 | 61 | ||
| 104 | - | 6218.8. (a) State agencies, local governments, and any other governmental authority shall not adopt or enforce any order, ordinance, policy, regulation, rule, or similar measure that requires an individual to provide as a condition of receiving any service or entering any place, documentation regarding the individuals vaccination status for any COVID-19 vaccine administered under an emergency use authorization. | |
| 105 | - | ||
| 106 | - | (b) Any public or private entity that receives or is awarded state funds through any means, including, but not limited to, grants, contracts, or loans, shall not require a member of the public to provide, as a condition of receipt of any service or entrance to any place, documentation regarding the persons vaccination status for any COVID-19 vaccine administered under an emergency use authorization. | |
| 107 | - | ||
| 108 | - | SEC. 3. If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code. | |
| 109 | - | ||
| 110 | - | SEC. 3. If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code. | |
| 111 | - | ||
| 112 | - | SEC. 3. If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code. | |
| 113 | - | ||
| 114 | - | ### SEC. 3. | |
| 115 | - | ||
| 116 | - | ||
| 117 | - | ||
| 118 | - | ||
| 119 | - | ||
| 120 | - | (a)The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Centers primary mission is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from the following organizations: | |
| 121 | - | ||
| 122 | - | ||
| 62 | + | 8586.5. (a) The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Centers primary mission is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from the following organizations: | |
| 123 | 63 | ||
| 124 | 64 | (1) The Office of Emergency Services. | |
| 125 | 65 | ||
| 126 | - | ||
| 127 | - | ||
| 128 | 66 | (2) The Office of Information Security. | |
| 129 | - | ||
| 130 | - | ||
| 131 | 67 | ||
| 132 | 68 | (3) The State Threat Assessment Center. | |
| 133 | 69 | ||
| 134 | - | ||
| 135 | - | ||
| 136 | 70 | (4) The Department of the California Highway Patrol. | |
| 137 | - | ||
| 138 | - | ||
| 139 | 71 | ||
| 140 | 72 | (5) The Military Department. | |
| 141 | 73 | ||
| 142 | - | ||
| 143 | - | ||
| 144 | 74 | (6) The Office of the Attorney General. | |
| 145 | - | ||
| 146 | - | ||
| 147 | 75 | ||
| 148 | 76 | (7) The California Health and Human Services Agency. | |
| 149 | 77 | ||
| 150 | - | ||
| 151 | - | ||
| 152 | 78 | (8) The California Utilities Emergency Association. | |
| 153 | 79 | ||
| 80 | + | (9) The California Privacy Protection Agency. | |
| 154 | 81 | ||
| 155 | - | ||
| 156 | - | (9)The California Privacy Protection Agency. | |
| 82 | + | (9) | |
| 157 | 83 | ||
| 158 | 84 | ||
| 159 | 85 | ||
| 160 | 86 | (10) The California State University. | |
| 161 | 87 | ||
| 88 | + | (10) | |
| 89 | + | ||
| 162 | 90 | ||
| 163 | 91 | ||
| 164 | 92 | (11) The University of California. | |
| 93 | + | ||
| 94 | + | (11) | |
| 165 | 95 | ||
| 166 | 96 | ||
| 167 | 97 | ||
| 168 | 98 | (12) The California Community Colleges. | |
| 169 | 99 | ||
| 100 | + | (12) | |
| 101 | + | ||
| 170 | 102 | ||
| 171 | 103 | ||
| 172 | 104 | (13) The United States Department of Homeland Security. | |
| 105 | + | ||
| 106 | + | (13) | |
| 173 | 107 | ||
| 174 | 108 | ||
| 175 | 109 | ||
| 176 | 110 | (14) The United States Federal Bureau of Investigation. | |
| 177 | 111 | ||
| 112 | + | (14) | |
| 113 | + | ||
| 178 | 114 | ||
| 179 | 115 | ||
| 180 | 116 | (15) The United States Secret Service. | |
| 117 | + | ||
| 118 | + | (15) | |
| 181 | 119 | ||
| 182 | 120 | ||
| 183 | 121 | ||
| 184 | 122 | (16) The United States Coast Guard. | |
| 185 | 123 | ||
| 124 | + | (16) | |
| 125 | + | ||
| 186 | 126 | ||
| 187 | 127 | ||
| 188 | 128 | (17) Other members as designated by the Director of Emergency Services. | |
| 189 | 129 | ||
| 190 | - | ||
| 191 | - | ||
| 192 | 130 | (b) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure and information technology networks, prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks, enable cross-sector coordination and sharing of recommended best practices and security measures, and support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments. | |
| 193 | - | ||
| 194 | - | ||
| 195 | 131 | ||
| 196 | 132 | (c) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall be developed to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy shall also strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education. | |
| 197 | 133 | ||
| 198 | - | ||
| 199 | - | ||
| 200 | 134 | (d) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also assist law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented in the California Cybersecurity Integration Center. | |
| 201 | - | ||
| 202 | - | ||
| 203 | 135 | ||
| 204 | 136 | (e) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security. | |
| 205 | 137 | ||
| 138 | + | SEC. 2. The Legislature finds and declares that this act furthers the purposes and intent of the California Privacy Rights Act of 2020 by ensuring consumers rights, including the constitutional right to privacy, are protected in the California Cybersecurity Integration Centers planning as it aims to reduce the likelihood and severity of cyber incidents in the state. | |
| 206 | 139 | ||
| 140 | + | SEC. 2. The Legislature finds and declares that this act furthers the purposes and intent of the California Privacy Rights Act of 2020 by ensuring consumers rights, including the constitutional right to privacy, are protected in the California Cybersecurity Integration Centers planning as it aims to reduce the likelihood and severity of cyber incidents in the state. | |
| 207 | 141 | ||
| 142 | + | SEC. 2. The Legislature finds and declares that this act furthers the purposes and intent of the California Privacy Rights Act of 2020 by ensuring consumers rights, including the constitutional right to privacy, are protected in the California Cybersecurity Integration Centers planning as it aims to reduce the likelihood and severity of cyber incidents in the state. | |
| 208 | 143 | ||
| 209 | - | ||
| 210 | - | The Legislature finds and declares that this act furthers the purposes and intent of the California Privacy Rights Act of 2020 by ensuring consumers rights, including the constitutional right to privacy, are protected in the California Cybersecurity Integration Centers planning as it aims to reduce the likelihood and severity of cyber incidents in the state. | |
| 144 | + | ### SEC. 2. |