Iowa Administrative Code
Agency 721 - Secretary of State
Division II - Elections
Chapter 29 - Elections Technology Security
Rule 721-29.3 - Cybersecurity Incident or Breach

Universal Citation: IA Admin Code 721-29.3

Current through Register Vol. 47, No. 6, September 18, 2024

(1) A commissioner who identifies or suspects an actual or possible cybersecurity incident or breach shall report the incident within 24 hours to the state commissioner. Upon receiving the report, the state commissioner shall alert the appropriate state or federal law enforcement agencies, including but not limited to the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the OCIO, and the vendor responsible for maintaining the affected technology. The state commissioner may disseminate the information to other federal, state, and local agencies, or their designees, as the state commissioner deems necessary.

(2) Information reported to the state commissioner under this rule shall be exempt from public records requests pursuant to Iowa Code section 22.7(50).

(3) Nothing in this rule prohibits a commissioner from alerting local law enforcement prior to contacting the state commissioner in the event of an incident or breach.

Disclaimer: These regulations may not be the most recent version. Iowa may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.