Int 0626-2015
Personal information security.
This bill would require each city agency that collects personal information to develop, implement and maintain a comprehensive security program to protect that information. As part of the comprehensive security program agencies would need to develop safeguards for protecting personal information, including ongoing employee training, restrictions on physical access to information, disciplinary measures for violation of security program rules, regular monitoring of the security program operations, and periodic review of the security program components. If the security program is electronic, the program would be required to include secure authentication protocols, unique identifier technologies, control of data security passwords, firewall security protection, and encryption of all transmitted personal information on public or wireless networks, portable media, or shared with third-party service providers.
D