BILL ANALYSIS                                                                                                                                                                                                    

                                                                    AB 2623

                                                                    Page  1


          2623 (Gordon and Irwin)

          As Amended  August 15, 2016

          Majority vote

          |ASSEMBLY:  |77-2  |(May 31, 2016) |SENATE: |38-0  |(August 18,      |
          |           |      |               |        |      |2016)            |
          |           |      |               |        |      |                 |
          |           |      |               |        |      |                 |

          Original Committee Reference:  P. & C.P.

          SUMMARY:  Requires state agencies and entities, starting January  
          1, 2018, to report their information security expenditures on an  
          annual basis to the California Department of Technology (CDT).  

          The Senate amendments extend the initial reporting date out to  
          January 1, 2018.

          EXISTING LAW:  

          1)Establishes CDT within the Government Operations Agency, under  
            the supervision of the Director of Technology, also known as  
            the State Chief Information Officer.  (Government Code Section  
            (GC) 11545(a))


                                                                    AB 2623

                                                                    Page  2

          2)Requires the Director to, among other things, advise the  
            Governor on the strategic management and direction of the  
            state's information technology resources and provide  
            technology direction to agency and department chief  
            information officers to ensure the integration of statewide  
            technology initiatives.  (GC 11545(b))

          3)Requires the Director to produce an annual information  
            technology performance report that assesses and measures the  
            state's progress toward specified goals.  (GC 11545(d))

          4)Requires specified state agencies and state entities to submit  
            annually, as instructed by CDT, a summary of their actual and  
            projected information technology and telecommunications costs,  
            including personnel, for the immediate preceding fiscal year  
            and current fiscal year, showing current expenses and  
            projected expenses for the current fiscal year, in a format  
            prescribed by CDT.  (GC 11546.2)

          5)Defines a state agency, for purposes of the annual cost  
            report, to mean "the Transportation Agency, Department of  
            Corrections and Rehabilitation, Department of Veterans  
            Affairs, Business, Consumer Services, and Housing Agency,  
            Natural Resources Agency, California Health and Human Services  
            Agency, California Environmental Protection Agency, Labor and  
            Workforce Development Agency, and Department of Food and  
            Agriculture," as well as any "entity within the executive  
            branch that is under the direct authority of the Governor,  
            including, but not limited to, all departments, boards,  
            bureaus, commissions, councils, and offices" that are not  
            directly defined as a state agency.  (GC 11546.1(e)) 

          FISCAL EFFECT:  According to the Senate Appropriations  

          1)Minor and absorbable CDT costs to develop reporting criteria.   
            (General Fund)


                                                                    AB 2623

                                                                    Page  3

          2)Likely absorbable costs for individual state agencies to  
            segregate information security costs from overall information  
            technology (IT) expenditures and annually report to CDT.   
            (General Fund / various special funds)

          COMMENTS:  This bill is intended to increase state government  
          transparency in cybersecurity spending by requiring annual  
          expenditures to be tallied and reported so that CDT, the  
          Governor's Office and the Legislature can better measure agency  
          performance and resource allocation for cybersecurity.  

          The summary would cover actual and projected information  
          security costs, including personnel, for the immediately  
          preceding fiscal year and current fiscal year, in order to  
          capture statewide information security expenditures, including  
          the expenditure of federal grant funds for information security  

          CDT would be responsible for developing instructions and a  
          format for those reports, and would have the flexibility to  
          determine the accounting methodology used to collect the data.   
          This bill is author-sponsored.  

          Analysis Prepared by:                                             
                          Hank Dempsey / P. & C.P. / (916) 319-2200  FN:  


                                                                    AB 2623

                                                                    Page  4