California Cybersecurity Integration Center (Cal-CSIC) to Include Education Representatives.

Current law requires the Cal-CSIC, which is operated by the California Office of Emergency Services, to coordinate information sharing amongst various agencies around the state. Among those agencies, which includes tribal agencies, utilities, and other service providers, are “academic institutions.” K-12 school agencies, however, are not specifically mentioned as one of the groups with which cybersecurity information should be shared.

AB 1023, authored by Assemblymember Diane Papan (D-San Mateo) adds school districts, county offices of education (COEs), and charter schools to the list with which the Cal-CSIC must share and coordinate cybersecurity information. This ensures that K-12 school agencies will receive the latest critical cybersecurity information. Further, the bill adds representatives from the California Department of Education (CDE) to the list of organizations that make up the Cal-CSIC.

Education Entities Removed from Bill to Require Domain Change to “.ca.gov”. 

As originally introduced, AB 1637 (Irwin, D-Thousand Oaks) would have required all local agencies, including local educational agencies, to:

• By July 1, 2025, ensure that the internet website they operate utilizes a “.gov” top-level domain or a “.ca.gov” second-level domain.
• By July 1, 2025, ensure that each email address provided to its employees utilizes a “.gov” domain name or a “.ca.gov” domain name.

The bill was introduced, according to the author, largely to increase the public’s trust when interacting with governmental agencies. Specifically, the author stated:

The public’s trust in government is foundational for a healthy democracy. With rising levels of misinformation and fraud perpetrated online, and more sophisticated threat actors intending to confuse and mislead, we can no longer be haphazard about how governments are presented online.

While a laudable goal, the provisions of the bill would have proved highly problematic for school agencies. However, strong advocacy from statewide education associations like California IT in Education (CITE), and the Association of California School Administrators (ACSA), caused the bill to be amended coming out of the Assembly Appropriations Committee, specifically removing school agencies from its provisions. Ultimately, with schools removed, AB 1637 made it all the way to the Governor’s desk and was signed into law.

The Governor signed the following technology bills:

Data Privacy

• AB 947 (Gabriel) – California Consumer Privacy Act of 2018: sensitive personal information.
  The California Consumer Privacy Act of 2018 (CCPA) grants to a consumer various rights with respect to sensitive personal information that is collected by a business. This bill expands the definition of “sensitive personal information”, for purposes of the CCPA’s provisions, to include personal information that reveals a consumer’s citizenship or immigration status.
  Chapter 551, Statutes of 2023

Technology

• AB 286 (Wood) – Broadband infrastructure: mapping.
  This bill expands the fields of data included on the California Interactive Broadband Map maintained by the California Public Utilities Commission’s (CPUC). Specifically, this bill would allow users to submit specified self- reported data and requires the CPUC to validate self-reported data before using that data as evidence in a proceeding.
  Chapter 645, Statutes of 2023
• AB 414 (Reyes) – Communications: Digital Equity Bill of Rights.
  This bill establishes the Digital Equity Bill of Rights, which establishes it is the principle of the state to ensure digital equity for all its residents and that residents shall have access to broadband in various forms. This bill also establishes it as the policy of the state that broadband internet subscribers benefit from equal access to service.
  Chapter 436, Statutes of 2023 
• AB 965 (Carrillo, Juan) – Local government: broadband permit applications.
  This bill requires local agencies to utilize batched processing for broadband permits, when two or more permits are submitted and are substantially similar.
  Chapter 553, Statutes of 2023
• AB 1023 (Papan) – California Cybersecurity Integration Center: school cybersecurity.
  This bill expands the scope of the Cal-CSIC, within the California Office of Emergency Services (OES), by explicitly requiring Cal-CSIC to coordinate cyber threat information sharing with school districts, COEs, and charter schools. It also adds representation from the CDE to Cal-CSIC.
  Chapter 555, Statutes of 2023 
• SB 387 (Dodd) – State property: sale or lease: broadband development.
  This bill authorizes the Department of General Services (DGS) to enter into a lease, at an amount less than fair market value, in support of broadband development.
  Chapter 485, Statutes of 2023 

Capitol Advisors Group has produced a set of comprehensive client briefs detailing new education laws that were passed by the Legislature and signed into law by Governor Newsom in 2023. Each brief is organized by subject area and includes an executive summary highlighting major changes we think you should know about. Bills signed by the Governor take effect on January 1, 2024, unless the bill specifically states otherwise.