HOUSE BILL REPORT

SHB 2400

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

As Passed House:

February 16, 2020

Title: An act relating to privacy assessment surveys of state agencies.

Brief Description: Concerning privacy assessment surveys of state agencies.

Sponsors: House Committee on State Government & Tribal Relations (originally sponsored by Representatives Hudgins, Smith, Van Werven and Wylie).

Brief History:

Committee Activity:

State Government & Tribal Relations: 1/29/20, 1/31/20 [DPS].

Floor Activity:

Passed House: 2/16/20, 96-0.

Brief Summary of Substitute Bill

Requires the Office of Privacy and Data Protection to survey all state agencies annually regarding their collection, use, and sharing of data, and their use of security measures to secure data against unauthorized access or disclosure.
Requires state agencies to complete the survey within a reasonable time.

HOUSE COMMITTEE ON STATE GOVERNMENT & TRIBAL RELATIONS

Majority Report: The substitute bill be substituted therefor and the substitute bill do pass. Signed by 8 members: Representatives Gregerson, Chair; Pellicciotti, Vice Chair; Walsh, Ranking Minority Member; Appleton, Dolan, Hudgins, Mosbrucker and Smith.

Minority Report: Without recommendation. Signed by 1 member: Representative Goehner, Assistant Ranking Minority Member.

Staff: Jason Zolle (786-7124).

Background:

In April 2015 Governor Inslee created the position of Chief Privacy Officer (CPO) within the Office of the Chief Information Officer (CIO). The role of the CPO is to examine privacy practices across state agencies and to advise agencies that have privacy-related questions.

In January 2016 Governor Inslee established the Office of Privacy and Data Protection (OPDP) by executive order, and the Legislature codified the OPDP in statute shortly thereafter. The OPDP was placed within the Office of the CIO, and the CPO was made the Director of the OPDP. By statute, the CIO appoints the CPO.

The OPDP's primary duties are:

conducting an annual privacy review of state agencies;
conducting an annual privacy training for state employees;
articulating privacy principles and best practices;
coordinating data protection in cooperation with state agencies;
working with the CIO to review major state agency projects involving personally identifiable information; and
serving as a resource to local governments and the public on data protection concerns.

Every four years the OPDP must submit a report to the Legislature evaluating the office's performance, including discussion of its training activities and consumer education efforts. The OPDP must also submit a report at least every four years detailing certain issues regarding telecommunications.

Summary of Substitute Bill:

As part of the OPDP's annual privacy review of state agencies, the OPDP must send all state agencies a survey regarding their collection, use, and sharing of data, and their use of security measures to secure data against unauthorized access or disclosure.

State agencies are required to complete the survey within a reasonable time. Agencies may request assistance from the OPDP in completing the survey.

Appropriation: None.

Fiscal Note: Available.

Effective Date: The bill takes effect 90 days after adjournment of the session in which the bill is passed.

Staff Summary of Public Testimony:

(In support) None.

(Opposed) None.

Persons Testifying: None.

Persons Signed In To Testify But Not Testifying: None.