Nearly two weeks after state Auditor Adam Edelen accused Senate Republican leaders of playing politics with a cyber security bill he endorses, the measure was placed on the chamber’s consent agenda after a unanimous committee vote Monday.
The Senate version of House Bill 5 would require state agencies, local governments and contractors to develop and maintain security and investigation protocols to mitigate electronic security breaches involving confidential information held by those agencies, such as Social Security numbers, said Sen. Joe Bowen, chairman of the Senate State and Local Government Committee.
Under the bill, security breaches would require notification of law enforcement, investigative agencies and those affected, though public notification could be delayed if it would “impede a criminal investigation or jeopardize national security,” he said.
Bowen, R-Owensboro, said the biggest difference between the version passed out of committee and the House version, which passed unanimously Jan. 30, is a wider public notification window, from 24 hours to 72 hours. He offered an example of a security breach during a weekend without staff in the office.
Stephenie Hoelscher, Edelen’s spokeswoman, said staff members of the auditor’s office had not fully reviewed the Senate’s amended version of HB 5, but they have spoken with stakeholders regarding the changes and generally support the concepts proposed.
Edelen’s office has had “good communications with Sen. Bowen throughout this process,” Hoelscher said.
“We worked with stakeholders, the local governments that would be affected by this and we had consultations with key legislators, including Sen. Bowen,” Hoelscher said via phone Monday evening.
The auditor expanded his media push this weekend, penning an editorial in the Owensboro Messenger-Inquirer, Bowen’s hometown newspaper, touting the importance of cyber security after some 200 Ohio County scholarship recipients recently discovered their Social Security numbers had mistakenly been posted on a public website.
Sen. Chris McDaniel, R-Taylor Mill, expressed concerns during Monday’s committee hearing over the legislation’s fiscal impact on municipal governments, which the Legislative Research Commission predicted would range from “minimal” to “moderate.”
Bowen said the bill’s financial ramifications “would trend more minimal than extensive.” Bowen spoke with those impacted by the Senate’s version of HB 5 Monday, and none raised any “major” issues with the bill.
“Obviously local governments are going to have some obligations here, but the bigger obligation is to make sure that the citizens of the commonwealth are protected with this personal and pertinent information,” he said. “And quite honestly, I don’t think it’s a question of if a security breach occurs, I think it’s a question of when a security breach occurs.”