BILL ANALYSIS �Ó
AB 2623
Page 1
CONCURRENCE IN SENATE AMENDMENTS
AB
2623 (Gordon and Irwin)
As Amended August 15, 2016
Majority vote
--------------------------------------------------------------------
|ASSEMBLY: |77-2 |(May 31, 2016) |SENATE: |38-0 |(August 18, |
| | | | | |2016) |
| | | | | | |
| | | | | | |
--------------------------------------------------------------------
Original Committee Reference: P. & C.P.
SUMMARY: Requires state agencies and entities, starting January
1, 2018, to report their information security expenditures on an
annual basis to the California Department of Technology (CDT).
The Senate amendments extend the initial reporting date out to
January 1, 2018.
EXISTING LAW:
1)Establishes CDT within the Government Operations Agency, under
the supervision of the Director of Technology, also known as
the State Chief Information Officer. (Government Code Section
(GC) 11545(a))
�
AB 2623
Page 2
2)Requires the Director to, among other things, advise the
Governor on the strategic management and direction of the
state's information technology resources and provide
technology direction to agency and department chief
information officers to ensure the integration of statewide
technology initiatives. (GC 11545(b))
3)Requires the Director to produce an annual information
technology performance report that assesses and measures the
state's progress toward specified goals. (GC 11545(d))
4)Requires specified state agencies and state entities to submit
annually, as instructed by CDT, a summary of their actual and
projected information technology and telecommunications costs,
including personnel, for the immediate preceding fiscal year
and current fiscal year, showing current expenses and
projected expenses for the current fiscal year, in a format
prescribed by CDT. (GC 11546.2)
5)Defines a state agency, for purposes of the annual cost
report, to mean "the Transportation Agency, Department of
Corrections and Rehabilitation, Department of Veterans
Affairs, Business, Consumer Services, and Housing Agency,
Natural Resources Agency, California Health and Human Services
Agency, California Environmental Protection Agency, Labor and
Workforce Development Agency, and Department of Food and
Agriculture," as well as any "entity within the executive
branch that is under the direct authority of the Governor,
including, but not limited to, all departments, boards,
bureaus, commissions, councils, and offices" that are not
directly defined as a state agency. (GC 11546.1(e))
FISCAL EFFECT: According to the Senate Appropriations
Committee:
1)Minor and absorbable CDT costs to develop reporting criteria.
(General Fund)
�
AB 2623
Page 3
2)Likely absorbable costs for individual state agencies to
segregate information security costs from overall information
technology (IT) expenditures and annually report to CDT.
(General Fund / various special funds)
COMMENTS: This bill is intended to increase state government
transparency in cybersecurity spending by requiring annual
expenditures to be tallied and reported so that CDT, the
Governor's Office and the Legislature can better measure agency
performance and resource allocation for cybersecurity.
The summary would cover actual and projected information
security costs, including personnel, for the immediately
preceding fiscal year and current fiscal year, in order to
capture statewide information security expenditures, including
the expenditure of federal grant funds for information security
purposes.
CDT would be responsible for developing instructions and a
format for those reports, and would have the flexibility to
determine the accounting methodology used to collect the data.
This bill is author-sponsored.
Analysis Prepared by:
Hank Dempsey / P. & C.P. / (916) 319-2200 FN:
0004395
�
AB 2623
Page 4