summary
Introduced
02/02/2026
02/02/2026
In Committee
02/02/2026
02/02/2026
Crossed Over
Passed
Dead
Introduced Session
Potential new amendment
2026 Legislative Measures
Bill Summary
The statement includes a measure digest written in compliance with applicable readability standards. Digest: Tells a local public body to give a report to the state when there is an information se- curity incident. Prescribes what must be in the report. (Flesch Readability Score: 63.4). Requires a local government, local service district or special government body to notify and submit a report to the State Chief Information Officer within 48 hours of an information security incident or ransomware incident. Prescribes the information that a public body is required to report. Directs the State Chief Information Officer to establish a reporting system that allows a public body to submit a notification or report in a timely, secure and confidential manner. Directs the State Chief Information Officer to create a webpage to provide instructions on how to provide notification and submit a report. Requires the State Chief Information Officer to provide an annual report to the Governor and the Joint Legislative Committee on Information Management and Technology on the information security incidents and ransomware incidents reported for the preceding year. Exempts information security incident or ransomware incident reports from disclosure under public records laws and allows for the sharing of information under certain circumstances. Becomes operative July 1, 2026. Declares an emergency, effective on passage.
AI Summary
This bill requires local public bodies, which include local governments, local service districts, and special government bodies, to report any "information security incident" (a substantial event impacting the confidentiality, integrity, or availability of their computer systems and data, or disrupting their operations) or "ransomware incident" (a security incident where data is encrypted or made unavailable to demand a ransom) to the State Chief Information Officer within 48 hours of discovery. The report must detail the actions taken to address the incident. The State Chief Information Officer will establish a secure system for these reports, create a webpage with instructions, and provide an annual report to the Governor and a legislative committee on the incidents. Reports submitted under this bill are confidential and exempt from public records laws, though the State Chief Information Officer can share information with specific entities like law enforcement or cybersecurity centers. The bill becomes effective on July 1, 2026, with provisions for the State Chief Information Officer to prepare for its implementation beforehand, and it is declared an emergency measure, meaning it takes effect immediately upon passage.
Committee Categories
Business and Industry
Sponsors (0)
No sponsors listed
Last Action
Joint Information Management and Technology Work Session (08:00:00 2/13/2026 HR G) (on 02/13/2026)
Official Document
bill text
bill summary
Loading...
bill summary
Loading...
bill summary
Loading...