
Tech Week: 2021 State Cybersecurity Legislation, Biometric Data Restrictions in ME & More

March 18, 2022

Cybersecurity Big Concern for State Lawmakers in 2021

With high-profile cyberattacks like the one on Colonial Pipeline last May that caused fuel shortages in Eastern states and the targeting of public infrastructure in every state by hackers over the past couple of years, cybersecurity received considerable attention from state lawmakers last session. At least 45 state legislatures considered over 250 measures dealing significantly with the issue, according to the National Conference of State Legislatures.

One major focus of that legislation was strengthening cybersecurity governance. For instance, Minnesota established a Legislative Commission on Cybersecurity, which will review the cybersecurity practices of state agencies and make recommendations on policy changes.

States also considered legislation requiring adherence to established security standards. Those measures include several sponsored by California Assemblywoman Jacqui Irwin (D), mandating the adoption of security policies, standards and procedures recommended by the National Institute of Standards and Technology.

With research showing the vast majority of data breaches result from employee errors like responding to phishing emails, some states, including Texas and Virginia, also required regular training for state agency employees.

The reporting of cybersecurity incidents was another area of concentration for lawmakers last year, with those in Georgia, Indiana, North Dakota, Washington and West Virginia all having enacted legislation requiring state or local agencies to report such incidents to a central office.

Finally, a law passed in Texas created a dedicated fund for improving and modernizing state agency information technology, including legacy systems. That enactment reflects the fact that only half of states have dedicated cybersecurity budgets, and most of them make up less than 3 percent of overall state IT expenditures, compared to 10 percent in the private sector, according to the National Association of State CIOs. (NATIONAL CONFERENCE OF STATE LEGISLATURES)

ME Considering Restrictions on Collection, Use of Biometric Data

A bill introduced in Maine’s House in January (HB 1450) would require companies to obtain consent before collecting biometric data like facial features, fingerprints and voices, as well as prohibit companies from selling such data and provide a private right of action for violations. The measure has won the support of the Joint Committee on the Judiciary and is expected to receive a vote from the full Legislature. (ASSOCIATED PRESS, STATE NET)

Congress Passes Cyberattack Reporting Measure

The U.S. House and Senate passed legislation that would require any organization considered part of the country’s critical infrastructure, including entities in the energy, finance and transportation sectors, to report any “substantial cyber incident” to the federal government within 72 hours and any ransomware payment within 24 hours. The aim of the measure is to give federal authorities more visibility into cyberattacks targeting private entities, which often avoid notifying the FBI or other agencies. President Biden was expected to sign the measure. (INSURANCE JOURNAL)

Biden Administration Issues Driverless Car Rule

The National Highway Traffic Safety Administration has issued a final rule updating the current Federal Motor Vehicle Safety Standards to address vehicles with automated driving systems that don’t have the manual controls used by human drivers like steering wheels. The 155-page rule clarifies the requirements for manufacturers of such vehicles. (INSURANCE JOURNAL, NATIONAL HIGHWAY TRAFFIC SAFETY ADMINISTRATION)

New App for Claiming Roadkill in WY

This winter, after Wyoming joined the roughly 30 states that allow people to collect animals accidentally killed on the road for food, the state’s Department of Transportation rolled out a new app that allows people to claim roadkill after properly documenting and reviewing the rules for collecting it. In addition to helping state wildlife and transportation officials decide where wildlife crossing signs or other measures are needed, the app is also aimed at informing drivers of the rules regarding roadkill, such as that it can’t be collected after dark, on interstate highways, in construction zones or at national parks like Yellowstone. (ASSOCIATED PRESS)

-- Compiled by KOREY CLARK

