2019 Regular Session ENROLLED
SENATE BILL NO. 46
BY SENATOR PEACOCK AND REPRESENTATIVES ADAMS, ARMES, BACALA,
BAGLEY, BILLIOT, TERRY BROWN, CARMODY, STEVE
CARTER, CHANEY, CREWS, FALCONER, HODGES, HOFFMANN,
HORTON, HOWARD, JENKINS, LARVADAIN, MACK, MCMAHEN,
JIM MORRIS, THOMAS AND WHITE
Prefiled pursuant to Article III, Section 2(A)(4)(b)(i) of the Constitution of Louisiana.
1 AN ACT
2 To enact Chapter 31 of Title 51 of the Louisiana Revised Statutes of 1950, to be comprised
3 of R.S. 51:2101 through 2109, relative to cybersecurity; to authorize entities to
4 monitor, share, and receive certain information relative to cyber threats; to authorize
5 certain defensive measures; to provide relative to certain security and information
6 controls; to provide for definitions; to provide for confidentiality of certain
7 information; to provide with respect to evidence; to provide with respect to data
8 breach notification; to provide for legal protections and privileges; and to provide for
9 related matters.
10 Be it enacted by the Legislature of Louisiana:
11 Section 1. Chapter 31 of Title 51 of the Louisiana Revised Statutes of 1950,
12 comprised of R.S. 51:2101 through 2109, is hereby enacted to read as follows:
13 CHAPTER 31. LOUISIANA CYBERSECURITY INF ORMATION
14 SHARING ACT
15 §2101. Short title
16 This Chapter shall be known and may be cited as the "Louisiana
17 Cybersecurity Information Sharing Act".
18 §2102. Legislative intent; federal law
19 The purpose of this Act is to provide a framework for permissive sharing
20 of cybersecurity information under Louisiana law that is consistent with and
21 does not conflict with the requirements of the federal Cybersecurity
22 Information Sharing Act of 2015, 6 U.S.C.A. §1501 et seq., except as specifically
23 provided by the provisions of this Chapter.
Page 1 of 3
Coding: Words which are struck through are deletions from existing law;
words in boldface type and underscored are additions. SB NO. 46 ENROLLED
1 §2103. Definitions
2 The terms "cyber threat indicator" and "defensive measure
3 information" have the meaning ascribed to them by 6 U.S.C. §1501 et seq.
4 §2104. Sharing of cybersecurity information; public entities
5 When sharing a cyber threat indicator or defensive measure
6 information, each natural or juridical person or public or private entity shall
7 receive the legal protections and privileges conveyed by the federal
8 Cybersecurity Information Sharing Act of 2015, 6 U.S.C. §1501 et seq., and R.S.
9 51:2106.
10 §2105. Evidence standard
11 Sharing a cyber threat indicator or defensive measure information shall
12 not constitute a waiver of any applicable privilege or protection provided
13 pursuant to the Louisiana Code of Evidence.
14 §2106. Receipt of cyber threat indicators and defensive measure information;
15 appropriate state entities
16 A. In addition to those entities identified in 6 U.S.C. §1501(3), the
17 following entities are authorized to receive cyber threat indicators and defensive
18 measure information, as an appropriate state entity, through electronic mail
19 transmission:
20 (1) The Department of Justice, office of the attorney general, Louisiana
21 Bureau of Investigation.
22 (2) The Department of Public Safety and Corrections, office of state
23 police, Louisiana State Analytical and Fusion Exchange.
24 (3) The Governor's Office of Homeland Security and Emergency
25 Preparedness.
26 B. When a natural person or private or public entity is conveying a
27 cyber threat indicator or defensive measure information by electronic mail, the
28 natural person or public or private entity shall indicate such by populating
29 "Cyber Threat Indicator" or "Cyber Defensive Measure" in the subject line of
30 the electronic mail.
Page 2 of 3
Coding: Words which are struck through are deletions from existing law;
words in boldface type and underscored are additions. SB NO. 46 ENROLLED
1 §2107. Compliance with Database Security Breach Notification Law
2 Nothing in this Chapter shall relieve a person or entity from compliance
3 with the Database Security Breach Notification Law, R. S. 51:3071 et seq.,
4 specifically including but not limited to the requirements under R.S. 51:3074.
5 §2108. Reporting
6 No state entity that receives cybersecurity information shared pursuant
7 to the provisions of this Chapter shall be subject to the reporting requirements
8 of 6 U.S.C. §1508.
9 §2109. Rulemaking authority
10 The Department of Corrections, office of state police, may, in accordance
11 with the Administrative Procedure Act, adopt all rules necessary to implement
12 the provisions of this Chapter provided that any rule promulgated does not
13 conflict with the provisions of 6 U.S.C. §1501 et seq.
PRESIDENT OF THE SENATE
SPEAKER OF THE HOUSE OF REPRESENTATIVES
GOVERNOR OF THE STATE OF LOUISIANA
APPROVED:
Page 3 of 3
Coding: Words which are struck through are deletions from existing law;
words in boldface type and underscored are additions.