Bill Summary – FastDemocracy

Amends Section 36 of Title VI of SL 1987-506, as amended, (concerning the Charlotte Firefighters' Retirement System [System]) as follows. Requires that the administrator appointed by the Board of Trustees (Board) to be domiciled in the State or otherwise subject to the relevant banking and insurance laws of the State. Requires the Board to maintain insurance for the System (currently, has discretion to do so) and expands the types of required coverage to include data breach and cyber liability insurance for the benefit of the system, its participants, and their beneficiaries. Requires the Auditor’s annual report under Section 45 to also include instances of data breaches or other cybersecurity incidents impacting participants and participants' beneficiaries, the cost of the incident, and the steps taken in response to the incident. Requires the Treasurer of the System to now, in Section 49, deposit funds paid into the System into a bank or banks otherwise subject to the banking and insurance laws of the State. Allows the Board, under Section 50, to now use a portion of its income to purchase data breach and liability insurance and to make a participant or beneficiary whole who was a victim of a System data breach or cybersecurity incident.
Adds new Section 55.1, concerning participants and beneficiary protection against cybersecurity incidents to Title VIII of SL 1987-506, as amended, as follows.  Establishes a duty for the Board, in addition to maintaining the insurance listed above, to do the following to protect System participants and beneficiaries:

Set up a reporting mechanism and grievance procedure for participants and beneficiaries who may be victims of a System data breach or other cybersecurity incident.
Investigate all reported System data breaches or other cybersecurity incidents, regardless of the source of the report.
Provide resources for participants and beneficiaries who may be victims of a System data breach or other cybersecurity incident that include actionable steps that they may take to protect their funds and assets from any threats related to the System data breach or other cybersecurity incident that has occurred or that may occur.
If a System data breach or other cybersecurity incident is found to have occurred on or after the act’s effective date, make whole the participants or beneficiaries who were victims of that System data breach or other cybersecurity incident.

Allows the Board to delegate these tasks to the System administrator or other contracted entity.
Requires the Board, after assessing whether the current System administrator has met its obligations under the existing contract, to contract with an administrator that meets the requirements of the act.
Requires the Board within 60 days of the act’s effective date, to (1) enter into a contract for data breach and cyber liability insurance and (2) set up the reporting mechanism and grievance procedure for participants and beneficiaries who may have been victims of a System data breach or other cybersecurity incident. Requires the Board to investigate any System data breaches or other cybersecurity incidents that have been reported within a year prior to the effective date of the act or after and provide the resources required under the act to participants and beneficiaries if any are found to have occurred on or after that date. 
Applicable only to the City of Charlotte.