SB 880 - This act creates the position of Chief Data Officer who is authorized to oversee each state agency's management of electronic data for purposes of evaluating appropriate management and security of the data.The Chief Data Officer may require each state agency to:
• Classify its electronic data into levels of sensitivity identified by the Chief Data Officer and regularly review and update such classifications;
• Develop, adopt, and regularly update a written policy for responding to breaches and suspected breaches of the agency's electronic data;
• Develop, adopt, and regularly update a written policy for the proper disposal of the agency's electronic data, including requiring the agency to use the office of administration's electronic waste contract for that purpose;
• Adopt data collection standards and procedures identified by the Chief Data Officer; and
• Develop, adopt, and regularly update other policies and procedures the Chief Data Officer deems necessary to evaluate appropriate management and security of the agency's electronic data.
State agencies are responsible for identifying the various types of electronic data, the location of such data, and the level of security required for each type of data. Such information shall be communicated to the Chief Data Officer. State agencies are additionally required to cooperate with the Chief Data Officer in fulfilling the requirements of this act.
This act does not waive sovereign immunity or create a cause of action against the state, any agency of the state, or any officer or employee of the state.
SCOTT SVAGERA