Digest: Tells a local public body to give a report to the state when there is an information security incident. Prescribes what must be in the report. (Flesch Readability Score: 63.4).
Requires a local government, local service district or special government body to notify and submit a report to the State Chief Information Officer within 48 hours of an information security incident or ransomware incident. Prescribes the information that a public body is required to report.
Directs the State Chief Information Officer to establish a reporting system that allows a public body to submit a notification or report in a timely, secure and confidential manner. Directs the State Chief Information Officer to create a webpage to provide instructions on how to provide notification and submit a report.
Requires the State Chief Information Officer to provide an annual report to the Governor and the Joint Legislative Committee on Information Management and Technology on the information security incidents and ransomware incidents reported for the preceding year.
Exempts information security incident or ransomware incident reports from disclosure under public records laws and allows for the sharing of information under certain circumstances.
Becomes operative July 1, 2026.
Declares an emergency, effective on passage.