(a) A local educational agency shall report any cyberattack impacting more than 500 pupils or personnel to the California Cybersecurity Integration Center.

(b) (1) The California Cybersecurity Integration Center shall establish a database that tracks reports of cyberattacks submitted by local educational agencies pursuant to this section. The Center shall annually, by January 1, provide a report to the Governor and the relevant policy committees of the Legislature summarizing the types and number of cyberattacks on local educational agencies, the types and number of data breaches affecting local educational agencies that have been reported to the Attorney General pursuant to Sections 1798.29 and 1798.82 of the Civil Code, any activities provided by the Center to prevent cyberattacks or data breaches of a local educational agency, and support provided by the Center following a cyberattack or data breach of a local educational agency.

(2) The Attorney General shall share sample copies of data breach notifications received from local educational agencies pursuant to Sections 1798.29 and 1798.82 of the Civil Code, excluding any personally identifiable information, with the Center for the purpose of compiling this report.

(c) Nothing in this section shall be construed to affect any disclosure or notification requirements pursuant to Sections 1798.29 and 1798.82 of the Civil Code.

(Added by Stats. 2022, Ch. 498, Sec. 1. (AB 2355) Effective January 1, 2023. Repealed as of January 1, 2027, pursuant to Section 35267.)