• Student identity data: Demographic and biometric information
• User interaction data: Engagement metrics for educational content
• Inferred content data: Data concerning how instructional material improves student proficiency
• System-wide data: Administrative data about students, including attendance, disciplinary records and overall academic performance.
• Inferred student data: Inferences based on teacher, content & student data that can be used to make predictions about student outcomes.

Ed Scoop | Four approaches K-12 IT directors can take to address security threats

In india, regulators are considering bitcoin as legal tender for sports betting.  

Blockcahin news & Tech | Could Sports Betting Help in Legitimizing Bitcoin in India?

In Costa Rica, employers can pay employees with bitcoin. 

Bitcoin.com | Costa Rican Workers Can Be Legally Paid in Cryptocurrency

Location: West Virginia

Invitees: 55 election clerks representing all counties in West Virginia

Speakers training West Virginia Election Clerks: WV Secretary of State & the Department of Homeland Security

Topic: Cyber security of elections and how to pay for election cybersecurity, which is mostly federal funds

WBOY | WV is the nation’s first state to host the ‘Election Security Conferece’ 

• On campus surveillance 
• Password policies
• Educating school staff and administration on cybersecurity practices
• Track school owned devices

Ed Scoop | Four approaches K-12 IT directors can take to address security threats

• 2016 An Executive Order created the  The Illinois Department of Innovation and Technology (DoIT)
• HB 5611 (IL | 2018) codified the executive order
•  5.8 billion state records have been encrypted
• 1st Illinois statewide security operations center with 24/7 monitoring state data
• $20 million of infrastructure and network unification cost savings

WSRP | Gov. Rauner signs bill to officially recognize DoIT 

New Jersey Financial Services Commission has 10 requirements for Jersey ICO issuers:

• Be incorporated as a Jersey company.
• Receive consent under the COBO from JFSC before any action is taken (the consent process is detailed further in the Guidance Note).
• Comply with JFSC’s Sound Business Practice Policy.
• Apply relevant anti-money laundering and other such requirements to ICO purchasers.
• Appoint and maintain a trust company business (“TCSP”).
• Appoint and maintain a Jersey resident director.
• Be subject to an ongoing audit requirement.
• Implement procedures and processes to mitigate and manage the risk of retail investors investing inappropriately in the ICO, and to ensure that retail investors understand the risks involved.
• Prepared and submit an Information Memorandum such as a white paper or prospectus.
• Ensure that marketing materials are fair and not misleading.

NJFSC | The Application Process for Issuers of Initial Coin Offerings (ICOs) 

The fund allocations from California’s 2018 election security legislation:

• Federal Funds: $34.5 million
• 57.9%, $20 million, goes to voter implementation at the county level
• 11.58%, $4 million goes to VoteCal statewide system updates
• 13.16%, $4.45 million goes to county voter cyber security
• 8.69%, $3 million, goes to cybersecurity training for counties
• 4.53%, $1.56 million, polling place accessibility
• 2.98%, $1.03 million, personnel costs
• 1.16%, $400,000, election auditing

KCRA | California spends millions, enacts new law to strengthen election security 

State: Illinois

Vetoed legislation: SB 2273 (IL | 2018)  limiting Illinois to participating in 1 interstate voter database system

3 Reasons given for the veto:

• combat voter fraud by “participation in programs that allow cross-referencing voter information from various states to identify where individuals are and are not eligible to vote”
• limiting Illinois to one voter fraud program creates inefficiencies and gaps in knowledge
• limiting the number of the programs for IL to use is not the solution, the solution for voter fraud is other safeguards that “ensure the security, reliability, and appropriate use of any data being shared”

Capitol Fax | Rauner vetoes anti-Crosscheck bill

NY Department of Financial Services requires a bitLicense for any of the following acitivities:

• Virtual currency transmission
• Storing, holding, or maintaining custody or control of virtual currency on behalf of others
• Buying and selling virtual currency as a customer business
• Performing exchange services as a customer business
• Controlling, administering, or issuing a virtual currency
   

BitLegal | The New York Department of Financial Services (NYDFS), grants a virtual currency (VC) license to fintech company Square Inc. 

State: California

The legislation: SB 1001 (CA | 2018)

What would the bill do? Require automated social media accounts (BOTS) to identify themselves as bots

What’s an example of BOT use? The California Seantor filed a bill on bail reform and hundreds of ots attacked with social media posts like ” “Unconstitutional bail reform doesn’t work and is racist.”

Supporters:

• Common Sense Media
• Center for Humane Technology

Opponents:

• Electronic Frontier Foundation

Somewhere in the middle:

• Allen Institute for Artificial Intelligence
• Tech Policy Lab

NYTIMES | Bots of the Internet, Reveal Yourselves!

Chief Information Officers and Chief Data Officers are on the rise for local governments.

What does a Chief Data Officer do? In Cook County, IL the job description is:

• “organizational governance and policy directives around data usage,”

• ensuring proper accessibility standards for data

• evidence-based decision making

• innovative projects 

• oversee a communications technology team

•  holding a leadership position on a Data Governance Council charged with “applying the precepts of data principles; standards; policies; and guidelines.”

State Scoop | Cook County, Illinois, hires first chief data officer, puts new CIO on deck

No judges have found that voting machines susecptible to hacking are impediments to the democratic process.

Politico | Trio of cybersecurity hearings today

Economist say regulation will kill bitcoin because:

• bitcoin has no intrinsic value and price volatility
• the government will regulatue anonymous transactions
• bitcoin inherently “contradicts the idea of creating “a transparent banking system.”

CoinTelegraph | Former World Bank Chief Economist: Bitcoin Will Fail as Governments Increase Regulation

Which states are facing lawsuits based on voting machines that are suspectible to hackers?

• Georgia
  • Cyberscoop | Lawsuit pushes Georgia to dump paperless voting machines by November
• South Carolina
  • Frank Heindel and Phil Leventis v. MARCI ANDINO, Executive Director of the South Carolina State Election Commission

State: South Carolina

The Legislation: House Bill 4655 (2017-2018 | SC). South Carolina Insurance Data Security Act

Requirements for South Carolina Insurance Licensees: 

• insurers tmust “develop, implement, and maintain a comprehensive information security program” for their customers’ data
• based on model law with 3 steps and a 1/1/2019 effective date:
  • prevent breaches
  • detect unwelcomed access to data
  • remediate after a breach
• including 3rd party oversight, with a 7/1/20 effective date

Ohio Legislature passed SB220 (2018 | OH)  which addess blockahin by adding to the definition of electronic transactions.

The new definition of “electronic record”  & “electronic signature” to  include blockchain-based transactions.

Cleveland | Ohio legislature passes blockchain legislation

• NY rules will require credit reporting agencies to comply with the state’s Department of Financial Services cybersecurity standards
• An agreement between Equifax & 8 State Financial regulators will allow the states to:
  • impose punitive damages against Equifax
  • conduct annual  security audits 
  • develop written data protection policies and guides
  • monitor outside technology vendors
  • improve software patch management controls
• The states:
  • Alabama
  • California
  • Georgia
  • Maine
  • Massachusetts
  • New York
  • North Carolina
  • Texas

ACA International | New York Issues Cybersecurity Regulation for Credit Reporting Agencies

NY Times | 8 States Impose New Rules on Equifax After Data Breach

• “By running off electricity that would otherwise be curtailed because of low demand, crypto-mining could allow more clean energy to be profitably built on the grid”
• Texas has been a leader in dealing with intermitancy that can power crytocurrency
  • Texas “competitive renewable electricity zones”  
    • average wind curtailment in Texas decreased from over 16% to less than 2%
    • wind generation more than doubled
  • private investment in energy storage
• flexible demand option for crypto currency that can quickly ramp up operations during times of overgeneration

Trib Talk | Market operations engineer, ERCOT | Cryptocurrencies could increase capacity for renewable energy

A ballot proposition in California would:

• allow Californias to tell businesses not to sell their personal information
• permit Californians lawsuits if  a business fails to implement reasonable security procedures and later suffered a data breach
• creates a right to know for consumers to know when a business sells or discloses their information for a business purpose

Exception to the ballot proposal?

business that collect less than $50 million in annual revenue and meet certain other standards are excepted

Supporters:  Californians for Consumer Privacy

American Banker | Californians to vote on privacy measure — unless legislature acts first 

State: Vermont

Grid Security Partners:

• Protect Our Power, an independent, nonprofit organization
• The Institute for Energy and the Environment at Vermont Law School

Goal of Partnership: to make the grid more resistant to physical or cyber threats & to improve its ability to restore power quickly in the event of an attack

Outcome: offer regulatory and legislative proposals

Valley News | Vermont Law School Team to Research Electrical Grid Security

Insurance market expected an increase in policies after the the EU passed GDPR, here’s waht happened:

•  language in GDPR isn’t clear on whether insurance policies can cover the hefty fines of up to 20 million euros or 4% of global revenue.
  • language is unclear and clarification is up to local regulators
• 90% of the cyber policy market is in the US
• Analysts expect a pick up in the European share of cyber policies

Wall Street Journal | Why Europe’s Cyber Insurance Windfall Hasn’t Happened 

State: North Carolina

The Crypto Currency Licensing Bill: House Bill 86 (NC | 2018)

What does the bill do?

• Adds crypto currency as a permissible investment to state investment licensing laws

Bitcoin.com | North Carolina Banking Bill Passes — Adds Virtual Currency License Requirements 

The data breaches: Data Breaches in 2012 and 2013 at M.D. Anderson in Houston

The regulatory agency issuing the fine: U.S. Department of Health and Human Services via the Office of Civil Rights

The Fine: $4.3 million

Houston Chronicle  | MD Anderson to pay $4.3 million penalty for data breach

“MD Anderson hit with $4.3M privacy fine.” POLITICO 

State:  California

California Regulatory Agency: California Fair Political Practices Commission

Recommendation from the California Agency Legal Counsel: 

• cryptocurrency contributions do not violate the state’s Political Reform Act
• BUT, “could be significant difficulties in establishing the true source of bitcoin donors”

The companies : Blink Charging & Israeli smart city developer Ya’acobi Brothers Group

The benefits of EV Charging via City Infrastructure:

• Enable smart city infrastructure
• Permits integration with wif-fi, cloud networks, cameras for city data management

Utility Dive | Blink eyes significant EV charging expansion via smart streetlights

Arizona’s recently passed,   HB 2154 (AZ | 2018)        , data breach reform bill increased data breach fines from $10,000 to $500,000 per breach.

The intent: the stick for the carrot of notifying consumers quickly

State Scoop | Arizona gets tough on businesses with new data breach reporting law 

​In league model legislation ​ leagues are requesting access to this data:

•  player statistics
• other data used by sportsbooks

Governing | NBA and MLB Quietly Hustle States for Cut of Sports Betting Jackpot

 The Study is by: John Griffin, a finance professor at the University of Texas

What did the study examine: mapping the blockchains of Bitcoin and Tether to track purchases

What did those purchases show? entities associated with the Bitfinex exchange timed purchases so as to rise the price of bitcoin

The Hill | Bitcoin prices were manipulated: study 

A Mexican political party challenging the front runner in the Mexican Presidential elections, had its cmapaign website hacked during a live debate.

The DDoS attack  resulted in the campaign’s site being down for the debate.

Reuters | Cyber attack on Mexico campaign site triggers election nerves. 

State:  West Virginia

The blockchain voting pilot program:   secure military mobile voting in two counties

How does the blockcahin voting app work?

• biometrics to verify voter identity
• records the vote from the mobile device onto a “chain”
• the vote is then verified by 3rd party

State Tech | West Virginia Pilots First Blockchain-Powered Federal Voting App 

 City: Kansas City, MO

What does its RFP want? 

• Technology Partner to make it the smartest city in the country
• The partnership will design & build:
  •  a “full integrated suite of sensors, networks and data and analytics platforms,”
  • built off its  current smart city network
  • 30-month construction period
  • develop a long-term strategic plan for the next 10 to 30 years

Gov Tech | Kansas City, Mo., Issues RFP for Smart City Partner 

• 19 year old hacktivist
• Nom de hack: Vigilence
• Faces  5 counts of computer crimes in Minnesota
• The hack attacked state computers
• The hack was in response to no conviction on charges for a police officer accused of shooting a civilian 

The Register | ‘Vigilance’ hacker charged over Minnesota government attacks

Atlanta officials are asking for an additional $9.5 million to recover from a ransomeware attack.

What do I need to know about Atlanta’s ransomware attack?

• Worst ransomware attack in US history
• More than 1/3  of the city’s 424 software programs were offline, fully or partially
• The $35 million budget for the technology department is not enough to recover 
• The ransom was  $51,000 worth of bitcoin

Reuters | Atlanta officials reveal worsening effects of cyber attack 

• Utility tokens are a hot commodity among bitcoin currencies
• Why are utility tokens popular?
  • some think they offer legal protection from regulatory schemes
  • others think utility tokens are key to block chain’s future
• Utlity tokens will most likely be regulated by the SEC and State Securities Boards

Texas Lawyer | Ready Player One? Avoid Getting Played on Utility Tokens

An Atlanta news station asked for public records related to Atlanta’s ransomware attack.

The city repsonse:  No. Not going to happen.

Why is the city denying the open records request? ongoing investigation, ongoing security concerns

What do freedom of information experts say? The Freedom of Information Act does allow for exemptions during open investigations

CBS 46 | Atlanta officials deny requests for records amid cyber attack

State: Colorado

Does the Colorado law apply to businesses outside Colorado? yes, it applies to any business that does business with a Colodoan

What does Colorado’s new data breach law require?

• Notification to affected consumers within 30 days of discovery of the breach
• Provide the consumer with the date of the breach
• Provide the consumer a description of what information was accessed

3 Ways the Colorado legislation differed from most states:

• A delay in notification can only occur if an investigation by the entity that was breached determines that the misuse of information about a resident has not occurred and is not reasonably likely to occur.
• Colorado requires 30 days notice and does NOT use the phrase “”without unreasonable delay”
• Colorado requires 30 days notice and does NOT use the phrase “in the most expedient time possible”

Stateline | When Hackers Strike, Companies in Colorado Now Have 30 Days to Notify Customers

CBO estimates less than $500,000 to administer a hack the State Department bill, HR 5433.

State legislature :  California Senate passed 23:12 a net nuetrality bill

The Net Nuetrality Bill: SB 822 (2018 | CA)

What words are being used to describe the net nuetrality bill?

• “gold standard” for states
• 86% of people, according to a University of Maryland poll, oppose the FCC repeal of net nuetrality
• the bill sides with the public

What did the lobby effort look like against the bill?

• AT&T, Comcast & industry groups, like USTELECOM, opposed SB 822
• nearly $1 million spent during the first quarter to fight net nuetrality in California

San Jose Mercury News | California moves a step closer to its own net neutrality rules 

Vermont’s H.764 (2017-2018 | VT)  creates the first data broker regulations that will:

• eliminates costs on credit freezes & thaws
• establishes a registry and security standards for 3rd party ‘data broker’ industry
• clarifies data security requirements for commercial entities
• criminalizes acquiring data for fraudulent purposes, including harassment & discrimination

Talking Points for H764 which will give Vermont residents:

• greater privacy
• saves them money
• gives them information and tools to keep their personal information secure
• “light touch regulation”

Stateholders:

• economic development interests
• data industry
• consumer protection interests

VT Digger | Vermont first to pass data broker regulation bill

General Services Administration issued a Request for information to provide a more comprehensive assortment of cybersecurity services and expedite their discovery and acquisition.

To participate in the request for information, the deadline is 6/9/2018.

What does this mean for procurement? GSA wants to increase:

• the number of agencies that procure cybersecurity services
• the number of contractors and specialties of cybersecurity contractors

Nextgov | GSA Wants to Modernize How the Government Buys Cybersecurity Services 

The report: US Senate Intel report

The recommendation on wi-fi and voting machines: Voting machines should not have wi-fi capabilities.

The Most Hackable Cities:

1.  Las Vegas
2. Memphis
3. Charlotte
4. Houston 
5. providence
6. Birmingham
7. Jacksonville
8. West Palm Beach
9. Orlando
10. Tampa

Coronet | Cybersecurity in the City

4 reasons Seminole County, Florida is accepting cryptocurrency:

• eliminates credit card processing fees
• improves payment accuracy
• improves payment transparency
• improves payment efficiency

Is there a procurement opportunity here? yes, Seminole County contracted with BitPay

The Seminole County Press Release May 2018

For the U.S. market of cyber secuity insurance policies in 2017:

• 32% growth in direct premiums written in year over year growth
• $1.8 billion,
• 2.6 million policies in force, a 24% increase
•  claims increased to 9,017 from 5,955
• 56.3% of the claims by packaged policies
• 43.7% of claims by standalone policies  

Insurance Journal | U.S. Cyber Market Grew 32% in 2017 But Most Small-Medium Firms Opted Out: A.M. Best

In lieu of hiring cyber security employees, local governments are using third party software and hardware to bolster cybersecurity. 

What short hand do I need to know for this technology?

•  It is “machine learning and AI”
• It  can detect cyber threats rapidly
• it allows for large-scale behavioral detection

State Tech | Cities and Counties Turn to Machine Learning to Bolster Cybersecurity

State: Colorado

Proposed Rules for bitcoin campaign contributions will:

• follow along with the FEC
• A Colorado Governor candidate was one of the 1st campaigns to accept bitcoin during the candidates congressional run
• includes accounting rules
• that liken cryptocurrency to inkind contributions
• any crypto currency contributions count toward contribution limits

Governing | Should Bitcoin Be Used for Campaign Donations?

Which Texas cybersecurity experts signed this letter to the Texas Secretary of State?

• Scott Aaronson, Professor, University of Texas at Austin
• Chris Bronk, Assistant Professor, University of Houston
• Alvaro Cardenas, Assistant Professor, University of Texas at Dallas
• Guofei Gu, Associate Professor, Texas A&M
• Murat Kantarcioglu, Professor, University of Texas at Dallas
• Jiang Ming, Assistant Professor, University of Texas at Arlington
• Dan S. Wallach, Professor, Rice University
• Brent Waters, Associate Professor, University of Texas at Austin
• Greg White, Professor, University of Texas at San Antonio

What 4 priorities did the cybersecurity experts identify?

• updated election security standards and accountability mechanisms
  • legislative action
  • key phrase: ensure consistent cyber-hygiene
  • require election officials to undergo cybersecurity training
  • no electronic overseas voting
  • Legislature should give the Secretary of State authority to oversee the safeguards of all elections in Texas
• auditable paper trails
  • all counties
• mandatory post-election audits
  • clear rules for the methodology and size of the audits
• secure voter registration systems
  • prepare for disasters by ensuring that voter database servers are capable of both local and offsite failover

What 3 things should the required Study of Texas Election Systems Include?

•  investigation of vulnerabilities and risks for a cyber attack against Texas’s voting and voting registration systems
• information on any attempted cyber attack on these systems
• recommendations for protecting a county’s voting system machines and list of registered voters from a cyber attack

Local May 2018 election that was hacked:  Knox County, Tennessee primary for mayor &  local races

What kind of hack was used?  A DDoS attack routed through 65 countries

Translation of the hack? A lot of computers from all over the world tried to access the web server for the election from 7pm to 10pm causing the election site to crash

Politico |  WHAT HAPPENED IN TENNESSEE: 

Who is offering the suggested solution to combat hackers? The head of Germany’s domestic intelligence service

What is the proposed solution to combat hackers of Germany’s critical infrastructure? to plant malware that gets triggered when the critical infrastructure is hacked.

What does that mean in non-tech term? Fight back by hacking back. 

dw.com | German intelligence head warns of cyber attacks on critical infrastructure

• No requirements for tech companies to build in backdoors
• The Secure Data Act

Politico | PRO-ENCRYPTION BILL LAUDED 

South Carolina’s  H4655 (2018 | SC) will:

• require insurers to establish “strong and aggressive” program to protect companies from a data breach
• require insurers to establish “strong and aggressive” program to protect consumers from a data breach
• what does it cover?  
  • rules for insurers, agents and other licensed entities covering data security
  • investigation and notification of breach
  • maintaining an information security program based on ongoing risk assessment
  • overseeing third-party service providers
  • investigating data breaches
  • notifying regulators of a cyber security event

How did this bill begin?

• South Carolina Insurance Director Raymond G. Farmer chaired the  National Association of Insurance Commissioners’ Cybersecurity (EX) Working Group that drafted the bill

Business Insurance | S.C. governor signs insurer cyber security into law

Cyber Crimes in the U.S. cost:

• reported losses exceeding $1.4 Billion (2017)
• total of 301,580 complaints (2017)
• In 2013, the losses were $781Million with 262,813 complaints
• Average of 800 complaints per day
• Victim losses are highest in TX. ($115.7Million) & CA ($214.2M)

FBI | 2017 Internet Crime Report

Georgia Governor Deal vetoed  SB315 (2018 | GA)  because:

• the bill could undermined national security
•  harmed private businesses’ efforts to stop hackers
• Georgia needs more discussion on this bill

A future data security bill should:

• develop a comprehensive policy
• promoting national security
• protecting online information
• continuing to advance Georgia’s position as a leader in the technology industry

Veto Statement on SB 315 May 8, 2018 Georgia Governor Deal

Politically Georgia | Computer snooping bill vetoed by Georgia Gov. Nathan Deal

Refreshing our recollection:

3 Reasons Tech Companies Want a Data Security Bill Vetoed in the Cherokee Rose State

West Virigina is securing its voting maschines from hackers by:

• West Virginia Air National Guard, with top secret clearance, actively tracks hackers
• West Virigina Secretary of State is prioritizing data security
• Intelligence Fusion Center, a nexus of state and federal law-enforcement and intelligence officials who handle threats ranging from floods to cyberattacks.
• State law requires that hand-countable paper ballots be used in every election

New York Times | How West Virginia Is Trying to Build Hacker-Proof Voting. 

Colorado Legislature passes SB18-086 to require 3 governmental entities:

• governor’s office of information technology (OIT)
• department of state
• department of regulatory agencies

to consider using encryption techniques and blockchain tech in order to protect:

confidential state records.

The bill also requires Colorado to accept business filings in distirbuted ledger (blockchain).

Colorado SB18-086

Cointelegraph | Colorado Passes Bill Advocating Blockchain For Gov’t Data Protection And Cyber Security

State: Wisconsin

What did Wisconsin’s Ethics Commission do about bitcoin campaign contributions? The Ethics Commission Administrator asked the Legislature to make a determination on how to handle bitcoin contributions

What 2 policy reasons did the Ethics Commission give to the Legislature? 

• “provide clarity to candidates and committees as to whether they may accept contributions of cryptocurrency.”
• concern over the anonimity of bitcoin contributions

What prompted bitcoin as campaign contributions in Wisconsin? A request from the Libertarian party to allow for bitcoin contributions

3 Governmental entities allow bitcoin contributions:

•  federal government
• Montana
• Washington, D.C.

Tampa Bay Times via AP | Ethics Commission asks Legislature to decide bitcoins

A group of tech companies, including:

• Google
• Microsoft
• + 50 academics, researchers, cybersecurity experts and technologists

are asking Georgia Governor Deal to veto a bill that makes unauthorized cyber access a crime punishable with up to 1 year in jail because the bill will:

• chill security research
• harm the state’s cybersecurity industry
• Why is that a big deal? Because the bill for the first time would “create new liabilities for security researchers who identify and disclose weaknesses to improve cybersecurity”

It’ll punish the white hat hackers- who hack to make systems better. 

AP | Tech giants urge governor to veto Georgia cybercrime bill

Wyoming this year sought to stake out territory as a leader in luring blockchain technology to the state.

These are the benefits that are touted:

• economic (new businesses moving to WY)
• elections- blockchain can streamline voting & make it more secure
• no cost to the state

The concern:

• Wyoming needs a tax structure that encourages technology companies to move there

Casper Star Tribune | Editorial board: Blockchain could be a boon for Wyoming 

State: Hawaii

The Equifax Response bill: HB 2342 (HI | 2018) 

What does the bill do?

• No fees for credit freezes
• No fees for credit thaws

Maui Now | Bill to Make Credit Freezes Free Passes Legislature

State: Texas

The pieces of information that State Representative Giovanni Capriglione wants to prohibit from being sold by the State of Texas:

• A person’s precise geographic location
• A person’s internet browsing history
• A person’s application usage history
• Teh functional equivalent of this information

What information is the State of Texas selling?

• Voting records
• Driver’s records

Houston Chronicle | Facebook may not sell the data it collects, but the state of Texas sure does

State: West Virginia

The lawsuit by the West Virginia Attorney General:  Violation of the the state’s Consumer Credit and Protection Act  

The potential penalty: $150,000 for each security breach and $5,000 for each violation of each of the 730,000 West Virginians affected by the Equifax breach

The statement from the WV Attorney General:

“Equifax’s failure to secure consumers’ personal information constitutes a shocking betrayal of public trust and an egregious violation of West Virginia consumer protection and data privacy laws,” Morrisey said in a statement.

Insurance Journal | West Virginia Sues Equifax Over Data Breach

Pennsylvania Secretary of State imposed a 12/31/2019 deadline for:

• each county in Pennsylvania
• to order new voting machines
• that keep a paper trail of each ballot

The total estimated cost for all counties: Between $95 million and $153 million

Penn Live | Pa. says counties must have new voting machines – with paper trails – for next presidential election

Who is behind the California Mayors Cyber Cup? California Mayors and California Cyberhub

The competition: brings high school and junior high school students from across the state to represent their specific cities in a cybersecurity competition

The policy goals: 

• educated workforce
• leader in addressing the global cybersecurity skills gap
• helps cities meet economic development goals to strengthen the workforce

CISION | California Uses Cyber Competition to Bring Cybersecurity Awareness to Communities Across the State 

the candidate: California State Senate incumbent Sen. Richard Pan, D-Sacramento

the alleged hack: Sent the campaign treasurer, from the candidates account, an invoice for a vaccine-related nonprofit organization, billing  the campaign for $46,000,  which was paid

What track was left? A series of emails between the Campaign Treasurer and the hackers, pretending to the candidate, with the treasurer asking whether the candidate really wanted to pay the Texas based vaccine related non-profit

Sacramento Bee | Hackers stole his campaign cash, Sacramento lawmaker says 

Members of  “Reform Government Surveillance”: Apple, Google, Yahoo, Microsoft, Twitter

6 Plank Agenda:

• limiting government authority to collect user information
• enhancing government oversight
• promoting transparency about government demands for data
• preventing hurdles for sharing information
• ensuring cooperation between nations’ governments
• encryption. opposing any government required engineered vulnerailities in technology

Politico | SURVEILLANCE COALITION INCLUDES NEW AGENDA ITEM

The legislation: Small Business Advanced Cybersecurity Enhancements Act of 2018 H.R. 4668

3 Points from HR 4668:

•  create cybersecurity assistance units at Small Business Development Centers (SBDCs) throughout the country
• point-of-contact for small businesses that suffer a cyber-attack
• Coordinate expertise from several federal agencies to provide small businesses with the best resources to prevent and recover from cyber-attacks.

The Support Letter from the US Chamber:   HR 4668 Letter 

3 Points from the US Chamber letter:

HR 3668 will help small business better protect themselves against malicious actors

WLUC | Peters, Risch introduce bill to increase federal cybersecurity resources for small businesses

Conference of Western Attorneys General will be discussing the following data security issues this year:

• data privacy, cybersecurity, and digital piracy
• breach notification
• the European Union’s data protection regulations
• national security & cybersecurity intersection
• FinTech

Enacted Laws to be highlighted:

• Arizona’s Regulatory Sandbox Program, signed into law by Governor Doug Ducey on March 22, 2018
• Arizona House Bill 2154 into law on April 11, 2018 that prioritize data privacy in partnership with the AG’s office

Why will these bills be highlighted: Arizona Attorney General Chairs the Conference of Western Attorneys General

The Delarware Attorney General launched a new webpage that has 4 data secuity resources:

• Online Reporting of Data Security Breaches
• Data Security Breach Notice Database
• Model Form for Providing Notice to Consumers and Other Affected Persons
• Links to Online Cybersecurity Resources

Delaware.gov | Attorney General Denn Announces New Online Data Security Breach Reporting Resource

State: Colorado

The Net Neutrality Bill in Colorado: HB18-1312 

What does Colorado’s HB 18-1312  do?

• Any entity receiving state funds to provide internet service, like rural broadband programs, must commit to net neutrality
• Requires net-neutral service preference when state taxpayer dollars are being spent on internet services

What reasons do Colorado Legislatorsy offer to support Colorado’s HB18-1312?  

• The Colorado Bill has nothing to do with the FCC reclassification, unlike what the Americans for Tax Reform Argument from Digital Liberty
• 83% of Americans support allowing non-net-neutral services

The Hill | Colorado must fight to protect net neutrality

California Legislature is moving a state net nuetrality biull that will move oversight to the State Attorney General to enforce net nuetrality among ISP providers.

California SB 822 (2018) 

Los Anglese Times | Net neutrality rules move past first hurdle in California 

Healthcare Supply Chain Association recommends these contract provisions for health care contracts:

State: Colorado

The Net Nuetrality Bill in Colorado: HB18-1312 

What group is opposing the bill? Americans for Tax Reform sister organization, Digital Liberty

What reasons do Americans for Prosperity offer to oppose Colorado’s HB18-1312?

• The bill does not help net nuetrality, because the FCC did not destroy the internet
• The bill harms Coloradoans

The Hill | Colorado’s legislature should think twice about passing a net neutrality law

The Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. S2639 (2018) will:

• require edge providers (Facebook and Google)
• obtain opt-in consent from users before using, sharing  or selling their information
• require reasonable data security practices from edge providers
• require notifcation to users about all collection, use, and sharing of users’ personal information, and to inform users of a data breach
• clarifies that enforcement authority trests with the Federal Trade Commission

PYMTS | Consumer Watchdog Wants More Than Regulation For Facebook

Congress is considering STB Information and Security Act (H.R. 4921) and The FRA Safety Data Improvement Act (H.R. 4925) that will:

• implement a plan to improve railway nformation security system
• improve the management and collection of railroad safety data
• identifying and mitigating rail safety risks

Railway Age | Rail data security bills head to Senate

State: Michigan

The 2 ransomware bills signed by Michigan’s Governor:

• PA 95 HB 5257 (2018) 
  • prohibits knowingly possess ransomware with the intent to use or employ that ransomware
• PA 96 HB 5258 (2018)
  • sentencing guidelines for ransomware possession

What problems was the Legislature trying address: 

• Michigan had no recourse to charge cybercriminals that had ransomware on their computers that they hadn’t used  
• In 2017 there were 1,300 reported cases of ransomware attacks in Michigan 

State Scoop | Possession of ransomware is now a crime in Michigan

Wyoming looks to be a world leader on blockchain technology.

To achieve its goal, Wyoming Legislature passed these bills:

• House Bill 19  trade and commerce standards that include virtual commerce
• House Bill 70  framework for developing, selling or facilitating the exchange of an open blockchain token
• House Bill 101 business use of blockchain records
• House Bill 126 LLC use of blockchain records
• Senate File 111 Property taxes and digital currency

What is Wyoming’s state strategy? Wyoming’s economic diversification strategy is known as ENDOW – which stands for Economically Needed Diversity Options for Wyoming 

Government Technology | New Laws Reverse Wyoming’s Strict Stance on Blockchain, Cryptocurrencies

Date of cyber attack: April 2, 2018

What part of a pipeline system was attcked? an Electronic Data Interchange for the pipeline system

What impact did the hack have on the piepline?

• The interchange was handled by a 3rd party
• allegations that the system was shutdown, with no known impact on the natural gas flow
• later in the evening, it was  safe to transfer files through the EDI platform
• no data or operations were affected by the attack

CISO Magazine | Energy Transfer Partners reports cyber breach

• 7 states have enacted blockchain bills
  • Arizona, Delaware, Illinois, Nevada, Tennessee, Vermont, and Wyoming
• 8 States have amended wire transfer satutes to account for lockchain
• $2.4 Billion in venture capital invested in blockchain since 2012
• $120,000 to $150,000 average salary for a blockchain company employee
• 19 states considering lockcahin bills in 2018
  • Including: Hawaii, New York, Colorado, Nebraska, Vermont, Virginia, Florida, Maryland, and North Dakota

The Verge | Blockchain laws tend to be hasty, unnecessary, and extremely thirsty

•  Trump administration has elevated U.S. Cyber Command to a unified combatant command
• The internet is a critically weak link for the U.S.’s military 
  • “Adm. Michael Rogers, the head of Cyber Command, recently told Congress he needs $647 million to build the cyber mission force and conduct cyber operations”

Richmond Times Dispatch | Editorial: Cyber security is far more critical than border security

Atlanta’s city services recently experienced a ransomware attack, the responses include:

• Calls for more transparency for utilities about their cybersecurity to “keep consumers aware of the threats and their frequency”
• Because electricity is a security issue, the market cannot resolve the issue & the government must act
• FERC is beefing up mandatory reporting requirements

Eagle Tribune Opinion | Utilities should be more transparent about cybersecurity

Massachusetts Legislature is moving a net neutrality bill, S2376,  that will:

• create a central registry of internet service providers
• require net nuetrality in government contracts
• prohibit ISPs from collecting, using or sharing a consumer’s personal data without their consent
• State rules would be developed by the state Department of Telecommunications and Cable
• Requires ISPs to make the same disclosures to state regulatators that ISPs make to the FCC
• An assessment on ISPs would be levied to cover additional agency oversity costs

Gloucester Times | UPDATE: Senate bill would assess providers to ensure internet neutrality

Draft Federal legislation will require notification of breach if and only if a business determines:

• “a reasonable risk that the breach of data security has resulted in identity theft, fraud or economic loss”

Why does this specific statuory draft langauge matter? Courts are split on whether a business is liable when a data breach hasn’t resulted in actual fraud or economic loss, which means the language sets up a liability threshold.

Fox 13 | Report: Draft bill would allow credit reporting agencies, banks to conceal data breaches

The US Chamber of Commerce has a new White Paper supporting business-government partnerships for data security.

The 5 best practices recommended: 

• Cultivate trusted and bi-directional relationships with law enforcement and prosecutors
• Join a cyber information sharing organization
• Implement and Update cyber incident response plans
• Loop in legal counsel to keep counsel up to date on business’ cyber plans and resources
• Actively contact law enforcement during incident response for suspected criminal activity

City: New York City

Cybersecurity protection offered by NYC: A free app called NYC Secure that alerts a person to mailcious attempts to hack their device

5 Components to NYC Secure:

• Its a free app
• It will not collect or transmit any personal identifying information
• It will not collect or transmit private data
• It works in coordination with increased security rollouts at NYCs public Wi-Fi networks
• New York’s NYC Cyber Command (NYC3), a city-level cyber defense organization, will oversee the program

Tech Crunch | New York City is launching public cybersecurity tools to keep residents from getting hacked

32 Attorneys General oppose federal preemption of state data security laws because:

• Reduces state enforcement by allowing entities to decide if a breach needs to be reported
• Prevents proactive action by consumers in state law, which states currently have
• Leaves a vacant enforcement loophole for breaches that impact fewer than 5000 

Pocono News | PA attorney general seeks stronger enforcement of data breach notification laws

Bi partisan Attorneys General Letter Opposing Federal Data Security Preemption March 19, 2018

LBB | Overview of State Agency Cybersecurity Costs 

Florida legislature authorized the spending of  $1.9 million in federal Help America Vote Act (HAVA) money for:

• Counties to buy devices & pay for a monthly monitoring service that looks for hacker attacks
• Each sensor costs $8,000
• Monthly monitoring is $1,300/month
• Funding will last only for 12 months
• Funding was not provided to protect the statewide database of voter information
• Funding doe snot include the Governor’s request for 5 cyber security experts 

Tampa Bay Times | Despite attempted Russian election hack, Legislature did not create cyber security unit

Michigan enacted HB 4973 (2018) which will exclude cybersecurity information from open records requests. 

It creates these 4 cybersecurity definitions to protect the state’s cybersecurity:

• “Cybersecurity vulnerability”
• “Cybersecurity plan”
• “Cybersecurity incident”
• “Cybersecurity assessment”

The Peninsula | New law exempts data linked to cybersecurity from FOIA requests

• State agencies can  coordinate data sharing, processing and storage
• State and Local agencies can actively work on data minimization
• Include cybertraining as basic employee training

State Tech | What’s the State and Local Agency Role in the Battle for Data Privacy?

State: Florida

The bill: HB 7071 (2018)

What would this database do?

• store searchable, anonymized data about individual defendants
• includes ethnicities
• includes details of plea agreements
• county-level data about the daily number of people being held in a given jail pre-trial
• annual misdemeanor caseload at each court

How is this trend progressing?

• local governments like counties in California have created their own criminal case databases

WIRED | FLORIDA COULD START A CRIMINAL-JUSTICE DATA REVOLUTION

State: Nebraska

Nebraska’s 2018 post-Equifax reform bill: Legislative Bill 757 (2018)

What does Nebraska’s LB 757 do?

• requires reasonable security and disposal procedures and practices for all entities possessing data
• non-affiliated 3rd parties also have to maintain reasonable security and disposal procedures for data
• free credit freezes and free credit thaws

State: South Dakota

The South Dakota post-Equifax data breach bills: House Bill 1078 & House Bill 1127 

What did House Bill 1078  do? Freezes remain in place until the consumer requests otherwise & must be lifted within 3 days of a request

What did House Bill 1127  do? Cost free credit report freezing & un-freezing (thawing)

State: New York

Stop Hacks and Improve Electronic Data Security Act: NY Senate Bill S6933A (2018)

What do I need to know to sound like I know about the SHIELD Act?

• it covers both disclosure of hacks & securing information
• for businesses it uses the increasingly common standard of :”“reasonable safe-guards to protect the security, confidentiality and integrity” of private information.”
• The carrot: no new causes of action are created
• The stick: violations fall under the Deceptive Trade Practices Act and fines accrue per violation

National Law Review | A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements, Part II

Background: A data security researcher at a public university in Georgia discovered the personal information of 6.7 million Georgia voters unprotected online. 

The legislative Response: Gerogia’s SB 315 (2018) 

What is the legislative goal? Prevent computer snooping by requiring permission at the outset before seeking unprotecting data maintained by a government or business

What does the tech community say? Fix this bill by only criminalizing computer snooping with maiclious intent

Atlanta Journal Constitution | Georgia bill might limit efforts to find internet security problems

State: Connecticut

The Data Security for Education Contracts Bill: 2016’s  H.B. No. 5469

3 Takeaways for Education Vendors:

• All vendors need written data privacy agreements
  • All means all from yearbook publishers to niche apps to Google
• 2 Policy Goals the state wanted to meet:
  • Protect students from targeted advertising
  • Require notification of data breaches 
• The unintended consequence: Each data privacy contract is required by each school district which led to a lot of legal fees for school districts

EdSurge | States Issue Privacy Ultimatums to Education Technology Vendors

Wyoming HB 0070 (2018) will create this regulatory system for bitcoin in Wyoming:

• Creates an open blockchain token
• Cannot be marketed as an investment or part of a repurchase agreement
• Exchange of open blockchain does not trigger broker dealer regulations

3 Tech commentaries:

• Wyoming is forward-thinking to allow freer reign for cryptocurrency companies
• Makes Cheyenne intruiging to a  few dozen crypto startups
• Wyoming revealed its willingness to be a “test bed for future regulation”

The impact to Texas: Wyoming has the regulatory framework for sandboxing, which is in the 2018 interim charges for the Texas House.

Tech Crunch  | Wyoming works to make some crypto tokens exempt from regulation

• 5 Governors have net nuetrality executive orders
• Washington State Governor signed a Net Nuetrality Law
  •  The WA bill says providers offering service in the state cannot block or throttle legal content, & cannot offer fast-lane access to companies willing to pay extra.
• Oregon’s Governor is expected to sign its Net Nuetrality Law
  • The OR bill prohibits state and local entities from buying internet service that blocks or throttles content
• 25 States are considering net nuetrality bills
• The bills are bipartisan

WIRED | WASHINGTON STATE ENACTS NET NEUTRALITY LAW, IN CLASH WITH FCC. 

Pennsylvania Attorney General has filed suit against Uber for violating the state’s data breach notification laws.

What are the alleged violations? (Also Known As red flags for drafting data breach notification laws)

• 13,500 Pennsylvanians were not notified in a reasonable time
• each violation has a $1000 fine, for a total of $13.5 Million

What ogther circumstances did the Attorney General mention?

• The company waited a year
• intentionally hid the breach
• contracted with hackers concerning the breach

WIRED | UBER ‘SURPRISED’ BY TOTALLY UNSURPRISING PENNSYLVANIA DATA BREACH LAWSUIT

What role did local government play? Houston Mayor and City Council tasked a group to develop strategies to support and attract technology companies

The result of the local government task:  A land-neutral proposal for a data consortium 

Local additional elements: The Univeristy of Houston’s Institute for Data Science that will focus on:

• cyber and physical security
• drug development and discovery
• sustainable communities and infrastructure
• accessible and personalized health care

Houston Business Journal | Texas Medical Center, Houston energy cos. considering data science consortium

Houston Chronicle | Texas Medical Center, Houston’s energy industry in talks on data science collaboration

State: Oregon

The legislation: OR HB 4155 (2018)

What does Oregon’s HB4155 do?

• It does not mandate net nuetrality
• it prohibits agencies, cities and counties from using internet service that blocks or prioritizes specific content or apps
• it does not apply in areas where there is only 1 service provider

oregon Live | Oregon Senate sends net neutrality bill to Gov. Kate Brown

Seattle Times | Net neutrality bill passes Oregon Legislature