The following technology-related bills will be heard in the Assembly Privacy and Consumer Protection Committee on Tuesday, March 21st at 1:30 pm. Watch committee hearings live.
Assembly Bill 302: Department of Technology: high-risk automated decision systems: inventory.
Would require the Department of Technology to conduct, on or before September 1, 2024, a comprehensive inventory of all high-risk automated decision systems, as defined, that have been proposed for use, development, or procurement by, or are being used, developed, or procured by, state agencies. The bill would require the comprehensive inventory to include a description of, among other things, the categories of data and personal information the automated decision system uses to make its decisions. On or before January 1, 2025, the bill would require the department to submit a report of the above-described comprehensive inventory to the Legislature.
Assembly Bill 740: Department of General Services: drone cybersecurity.
Would require the Department of General Services, in consultation with the Chief of the Office of Information Security, to adopt rules and regulations, by January 1, 2025, to ensure that each unmanned aircraft and unmanned aircraft system used by a government entity, as defined, in part, to include local governmental entities, for any purpose meets appropriate safeguards to ensure the confidentiality, integrity, and availability of any data collected, transmitted, or stored by that unmanned aircraft or unmanned aircraft system, as specified; and to specify requirements for a comprehensive plan to be adopted by a government entity to discontinue the use of noncompliant aircraft and systems, as specified. This bill would, beginning on the date the department adopts the rules and regulations, authorize a government entity to use unmanned aircraft or unmanned aircraft systems it did not previously use only if that aircraft or system complies with those rules and regulations. The bill would, by July 1, 2025, require a government entity that uses a noncompliant aircraft or system to submit to the department a comprehensive plan for discontinuing its use, as specified.
Assembly Bill 749: State agencies: information security: uniform standards.
Current law establishes the Office of Information Security within the Department of Technology for the purpose of ensuring the confidentiality, integrity, and availability of state systems and applications and to promote and protect privacy as part of the development and operations of state systems and applications to ensure the trust of the residents of this state. The law requires state entities, as specified, to implement the policies and procedures issued by the office. The law additionally authorizes the office, under direction of the chief, to conduct, or require to be conducted, an independent security assessment of every state agency, department, or office, as specified. State agencies must certify, by February 1 annually, to the President pro Tempore of the Senate and the Speaker of the Assembly that the agency is in compliance with all adopted policies, standards, and procedures, and must include a plan of action and milestones, as specified. This bill would require, by January 1, 2025, every state agency, as defined, to implement specified actions relating to data, hardware, software, internal systems, and essential third-party software, including multifactor authentication for access to all systems and data owned, managed, maintained, or utilized by or on behalf of the state agency. The bill would require state agencies to implement Zero Trust architecture, as defined, and prioritize the use of solutions that comply with, are authorized by, or align to federal guidelines, programs, and frameworks.