Date: 02/19/2014

Final
BILL SUMMARY for HB14-1140

HOUSE COMMITTEE ON STATE, VETERANS, & MILITARY AFFAIRS

Votes: <none>
Action Taken: <none>

11:49 AM -- HB14-1140

Representative Conti, prime sponsor, presented House Bill 14-1140 concerning compromised personal or financial identifying information. The bill requires state government entities to provide credit monitoring services for one year in the event that personal or financial identifying information is compromised in an accidental or deliberate security breach incident. State entities must also create procedures to notify and communicate with each impacted or potentially impacted individual of the security breach. The bill provides related definitions.

Under the bill, the Chief Information Officer for the Governor's Office of Information Technology (OIT) must promulgate rules to implement these new requirements. Each executive branch department of the state must adopt OIT's rules. A state entity that is not an executive branch department must either adopt the OIT rules or promulgate its own rules or procedures to comply with the requirements of the bill.

Representative Ryden announced that the committee would hear testimony on the bill and take action at a later date when the fiscal note has been updated.

11:53 AM --
Jonathan Trull, Chief Information Security Officer for the state, testified about the bill. Mr. Trull spoke about the issue of cyber security. He discussed cyber security planning for the 17 executive branch agencies that report to the Governor, for which Mr. Trull has oversight. He stressed that prevention is key, and talked about incident responses when prevention does not work. He commented about a cyber security task force that he is hoping to have established in 2014 to work with stakeholders in state and local government. He responded to questions from the committee about a security breach in 2013 that related to personal identifying information for approximately 18,000 state employees. A criminal investigation is still being conducted by the Colorado Bureau of Investigation about that breach.


12:00 PM

Representative Conti distributed information from a research report generated by the Ponemon Institute about the per capita costs of a data breach (Attachment A). The bill was laid over.

14HseState0219AttachA.pdf