One of my responsibilities as the ranking member of the House Technology and Economic Development Committee (TED) is to learn about and take action on matters relating to cybersecurity and privacy. This week, we heard testimony I thought was incredibly important for you to know, which is why I'm sending you this update. I hope you'll take the time to review the materials I've linked to below and become more informed on these critical issues.
On an almost daily basis, we hear a story on the news about a data breach and/or hack that has compromised the private information of American citizens. That's one reason why I worked with the governor's office last session to author House Bill 2875, which created the Office of Privacy and Data Protection in Washington state. The office, which opened in the summer of 2016, is responsible for seeking ways to limit data collection by state agencies, tracking the sale of private information to third parties, and monitoring citizen complaints regarding the collection and use of personal information.
This week, the House TED Committee heard several important briefings on cybersecurity and data protection that provided exceptional insights. On Wednesday, the Chief Privacy Officer for the state, Alex Alben, delivered a presentation on biometrics and how biometric authentication techniques (facial recognition, retina scans, fingerprints, etc.) are being used in our state and around the country. You can watch his testimony by clicking on the image below.
Currently, just two states have laws on the books regulating biometric privacy – Texas and Illinois. We would like to be the third state in the union to have such laws, but it is vital we do the legwork first in order to get the policy right. There are a lot of essential uses for biometrics, but as with all methods of data collection, the potential for abuses exist. I am currently working with Rep. Zack Hudgins, D-Tukwila, and other colleagues on a number of cybersecurity bills that we'll be rolling out in the coming weeks.
Earlier in the week, Senior Assistant Attorney General Shannon Smith appeared before the committee to discuss the AG's 2016 Data Breach Report. The report found, among other things:
- The average cost of a data breach to a business is $221 per compromised record.
- Data breaches cost Washington businesses $100 million in the past year.
- Data breaches reported to the AG compromised the personal information of over 450,000 Washington residents the past year.
Following Ms. Smith's report, Washington State Chief Information Officer Michael Cockrill delivered a presentation on cybersecurity and the state's role in protecting citizens and infrastructure from cyber attacks. His primary message was that while states have historically not had a significant role to play in national security matters, that is now changing. Because 85 percent of the nation's critical infrastructure is owned by private industry and regulated at the state level, states have a role to play in protecting this critical infrastructure as our enemies try to attack our water and power supplies.
There are a lot of important issues we'll be tackling this session, including education funding, cybersecurity, regulatory fairness, and more. I will be sending you regular email updates throughout the 105-day session to keep you informed as to what I'm working on and the latest happenings in the Legislature. Please don't hesitate to call or email me with comments, questions or concerns. I can't do my job as effectively without your input, which is why my door is always open. I look forward to hearing from you.