eNews: Action Alert – January 31, 2022Monday, January 31, 2022 - 02:49pm
Oppose HB1290 / SB764 – Cyber Security Incident Reporting
A one-page of the below information is available here >.
HB1290 (Hayes) was heard in the House Communications, Technology, and Innovations Committee this morning. Despite multiple speakers in opposition, HB1290 passed 18-2 with amendments. The amendments create a work group with various stakeholders, including VML, to further discuss this issue. However, reporting must still occur while the work group convenes.
VML asks our members to contact the members of the House of Delegates and urge them to oppose HB1290. VML also asks that you contact members of the Senate Committee on General Laws (see below) urging them to oppose the Senate version – SB764 (Barker) – as well. SB764 may be on the docket as early as Wednesday, February 5th.
HB1290 and SB764 would require all public bodies to report any known incidents that compromise and threaten the security of the public body’s information technology systems to the State Chief Information Officer (CIO) within 24 hours from when the incident was discovered.
VML has serious concerns with this legislation due to the time constraint, lack of definitions, lack of reporting guidance, and the inability to meet with an insurance provider or cyber expert of your choice before having to report to the State.
- Time Constraint: 24 hours is not enough time to properly assess the extent of the situation, formulate the best strategy, and speak with staff and other individuals affected.
- Definitions: VML has serious concerns about the lack of definition of “incident”. Without a definitive definition the term “incident” becomes extremely vague allowing for misinterpretation on what constitutes as an incident that must be reported. Secondly, there is no specific language on what needs to be reported. Once again allowing for misinterpretation of what must be reported.
- Reporting: HB1290 / SB764 requires the public body to report the incident to the State before having the opportunity to discuss the matter with your insurance company, provider, or agency of choice. This creates another reporting mandate for public bodies.
Current GA Committees:
HB1290 – Full House of Delegates
SB764 – Senate Committee on General Laws:
VML Staff Contact: Josette Bulova, email@example.com