Revision: Nov. 19, 2021, 11:48 a.m.
HB 1277 - AS INTRODUCED
2022 SESSION
22-2820
11/10
HOUSE BILL 1277
AN ACT relative to the reporting of cybersecurity incidents.
SPONSORS: Rep. Somssich, Rock. 27; Rep. Meuse, Rock. 29; Rep. Hamblet, Rock. 31; Rep. Ward, Rock. 28
COMMITTEE: Municipal and County Government
-----------------------------------------------------------------
ANALYSIS
This bill defines "cybersecurity incident" and requires that political subdivisions report such incidents to the department of information technology.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Explanation: Matter added to current law appears in bold italics.
Matter removed from current law appears [in brackets and struckthrough.]
Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.
22-2820
11/10
STATE OF NEW HAMPSHIRE
In the Year of Our Lord Two Thousand Twenty Two
AN ACT relative to the reporting of cybersecurity incidents.
Be it Enacted by the Senate and House of Representatives in General Court convened:
1 New Section; Duties of Towns; Cybersecurity. Amend RSA 31 by inserting after section 103-a the following new section:
31:103-b Cybersecurity. The governing body, or chief administrative officer or designee of any political subdivision, who knows of or suspects a cybersecurity incident within such political subdivision, or within any vendor acting as an agent of the political subdivision, shall immediately report such incident, upon discovery, and shall disclose all known information and interactions to the New Hampshire cyber integration center of the department of information technology. For purposes of this section, "cybersecurity incident" means an occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information processes, stores, or transmits, of that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
2 Effective Date. This act shall take effect 60 days after its passage.