Governor Signs Papan Bill to Deter Cyberattacks and Protect Student Privacy

Governor Signs Papan Bill to Deter Cyberattacks and Protect Student Privacy

San Mateo — Assemblymember Diane Papan is pleased to announce that Governor Newsom has signed into law her legislation, Assembly Bill 1023, that will provide local educational agencies with resources to defend against cyberattacks and protect sensitive data for students, staff and families.

Cybercrime is on the rise across the country and, increasingly, public schools are the target of sophisticated attacks that capture sensitive data, violate privacy, dismantle operations and extort funds from school districts and county offices of education.

“As technology plays a greater role in schools and in society, we must develop safeguards to protect critical data and safeguard the privacy of students, families and staff — particularly from nefarious actors willing to disrupt public education and put our communities at risk,” said Papan. “Current law fails to offer the support school districts and county offices of education need to defend against cyber threats and mitigate any successful attacks.”

The California Cybersecurity Integration Center (Cal-CSIC), a state agency created to help other agencies combat cyberattacks and promote cybersecurity, does not provide such support to TK-12 public school districts. Assembly Bill 1023 will ensure that Cal-SIC is required to provide direct cybersecurity assistance to TK-12 schools, allowing them to prepare for and respond to cyberattacks more effectively.

Ransomware attacks have grown in recent years and schools have increasingly been identified as soft targets lacking the capacity to ward off hackers. In addition, greater reliance on information technology to deliver instruction and services since the COVID-19 pandemic has left schools increasingly vulnerable to cyberattacks. In 2022, cyberattacks against the education sector increased by 36 percent from the previous year. For local educational agencies, it is not a matter of if — but when — their school information systems will be subject to a cybersecurity attack, which can render the entire school district or county office of education unable to conduct the day-to-day business of educating students.

In California, local educational agencies as large as Los Angeles USD and as small as the Glenn County Office of Education have been victimized by cybercrime, with the Glenn County attack prompting a multiple-day closure of school districts that were supported by the county office of education, which ultimately paid a ransom to recover sensitive data.

“With limited resources and ever more sophisticated cyber-attacks, it is more urgent than ever that we help school districts prevent and respond to cyber threats,” said Papan. “The functioning of our districts and the privacy of staff and student data must be protected.”