SB 161, Government Contractor Data Privacy

Municipal Impact
Working With Author
GMA Contact
Bill Sponsor

Sen. John F. Kennedy
District 18

This bill would require all companies with a written contract with cities and counties and all companies provided access to city and county facilities or data systems without a written contract to comply with a statutorily defined external data privacy program. This program would require these companies to: Alert the local government in the event of of a data breach; Perform quarterly scans of their employees' names, email addresses, personal phone numbers and dates of birth against 350 known data brokers or people search websites and, using a major internet search, determine what information is easily obtainable for each employee; Maintain a report of all information discovered in the quarterly scans and use this information when conducting an annual privacy risk assessment; Keep the reports for a minimum of three years and provide the reports to the local government within seven days of request in the event of a data breach; and Certify to the local government that the company conducts annual privacy training for its employees that describes how information retained by data brokers is used for cyberattacks. 

Last Updated: 2/24/2023
Subject Area: Municipal Powers
Resources: bill text
2/14/2023 - Assigned to Senate Committee

Comment on this Bill

SB 161 In The News