Assigned to TAT                                                                                                                     FOR COMMITTEE

 


 

 

 


ARIZONA STATE SENATE

Fifty-Fifth Legislature, Second Regular Session

 

REVISED

FACT SHEET FOR h.b. 2690

 

cybersecurity risk; insurance

Purpose

Establishes the Cyber Risk Insurance Fund (Fund) and outlines Fund administration.

Background

The Arizona Department of Administration (ADOA) must obtain insurance or provide for self-insurance against property damage caused by clients and liability coverage resulting from the direct or incidental care of clients participating in programs of Arizona and its departments, agencies, boards or commissions relating to custodial care (A.R.S. § 41-621).

The Risk Management Revolving Fund and the Construction Insurance Fund are established in ADOA for the purchase of insurance, risk management services, including loss prevention services, payment of self-insured losses and administrative costs necessary to carry out risk management services. ADOA must pay for claims processing costs, including adjusting costs, legal defense costs and attorney fees, for any claims falling within state self-insurance coverage (A.R.S. § 41-622).

The Joint Legislative Budget Committee fiscal note estimates that financing ongoing operations of the Fund will result in an annual cost of $1.5 million to the state General Fund beginning in FY 2025 (JLBC fiscal note).

Provisions

1.   Establishes the Fund within ADOA and specifies that monies in the Fund are continuously appropriated for the purposes of the Fund.

2.   Requires ADOA to obtain insurance against loss on the actual or suspected data breaches, security system breaches or security incidents for select agencies, boards and commissions.

3.   Adds losses arising out of actual or suspected data breaches, security system branches or security incidents to the list of events covered by ADOA's self-insurance.

4.   Allows the Director of ADOA to impose a deductible for a loss that arises out of an actual or suspected data breach, security system breach or security incident on state departments, agencies, boards and commissions.

5.   Requires ADOA to include the replenishment of the Fund in the annual budget request.

6.   Requires interest on any judgement against the State of Arizona paid for out of the Fund, regardless of whether the funds are self-insured or funded by excess insurance, to accrue at the average yield offered by the U.S. Treasury bills during the appeal.

7.   Defines breach, security system breach and security incident.

8.   Makes technical and conforming changes.

9.   Becomes effective on the general effective date.

Revisions

· Updates the fiscal impact statement.

House Action

COM               2/15/22      DP     10-0-0-0

3rd Read          2/23/22                 58-1-1

Prepared by Senate Research

March 3, 2022

RA/JM/sr