SB3518 Summary

• Modifies Freedom of Information Act exemptions to clarify that cybersecurity vulnerabilities are exempt from public disclosure, specifically adding "cybersecurity vulnerabilities" to the list of information that can be redacted.

• Creates the Technology, Education, and Cybersecurity Fund as a special state treasury fund for the Department of Innovation and Technology to promote information technology activities and accept grants and donations.

• Requires municipalities with populations of 35,000 or greater and all counties to designate a local official as the primary point of contact for cybersecurity issues and provide contact information to the Department of Innovation and Technology.

• Establishes a cybersecurity liaison program within the Department of Innovation and Technology to advise local governments and school districts on identifying cyber threats, performing risk assessments, sharing best practices, and responding to cyber incidents.

• Mandates annual cybersecurity training for all employees of counties, municipalities, and school districts covering phishing detection, spyware prevention, identity theft, and data breach response.

• Prohibits state agencies from purchasing products that federal Department of Homeland Security Binding Operational Directives prohibit due to cybersecurity risks.