WORK WITH US
AB 2355 – Schools Are Required To Report Cyberattacks To The California Cybersecurity Integration Center
The bill requires a school district, county office of education, and charter school to report any cyberattack affecting 500 pupils or personnel to the Cybersecurity Integration Center (Center). Cyberattack means (1) any alteration, deletion, damage, or destruction of a computer system, computer network, computer program, or data caused by unauthorized access; or (2) the unauthorized denial of access to legitimate users of a computer system, computer network, computer program, or data.
The bill also requires that the Center establish a database that tracks reports of cyberattacks submitted by local educational agencies. The Center, annually, beginning January 1, shall report to the Governor and the relevant policy committees of the Legislature a summary of the following:
- The types and number of cyberattacks;
- The types and number of data breaches reported to the Attorney General;
- Any activities the Center provided to prevent cyberattacks or data breaches; and
- Support provided by the Center following a cyberattack or data breach.
The bill requires the Attorney General to provide sample copies of data breach notifications received from local educational agencies.
This bill shall remain in effect until January 1, 2027.
(AB 2355 adds and repeals Article 8.5, commencing with Section 35265, of Chapter 2 of Part 21 of Division 3 of Title 2 of the Education Code.)