SACRAMENTO, CA – Governor Gavin Newsom has signed two bills, AB 1043 and AB 1044, improving political campaigns' ability to bolster their cybersecurity defenses and better safeguard California voter data. AB 1043 expressly permits political campaign expenditures on cybersecurity technology and services. AB 1044 authorizes the Secretary of State’s office to require entities applying for voter registration data to demonstrate that they have completed a specified course on data security. The new laws were authored by Assemblymember Jacqui Irwin (D-Thousand Oaks) and sponsored by California Secretary of State Alex Padilla.
“Cyberattacks typically occur without warning and the compromised party may not know a breach occurred until the information is leaked or sold,” stated Assemblymember Jacqui Irwin. “AB 1043 and AB 1044 will safeguard voter data by ensuring that political campaigns have the tools necessary to stay ahead of constantly evolving threats. I applaud Secretary of State Padilla for leading the charge to preserve data integrity by sponsoring these bills.”
"Elections administrators cannot be alone in the fight against malicious actors who seek to undermine our elections. As political campaigns and organizations are increasingly targets of cyber threats, they too have a role and responsibility in defending our democracy. These new laws will help candidates and campaigns be equipped to secure their electronic devices and prevent cyber attacks. Requiring the recipients of voter registration data to complete basic cybersecurity lessons will help safeguard the personal information of millions of Californians. I thank the legislature and Governor Newsom for recognizing the urgency of improving the security of our elections."
AB 1043 - Use of Campaign Funds for Cybersecurity
Political parties, candidates and campaigns have increasingly become the targets of cyber threats. In 2016, attacks targeting the DNC and Clinton campaign led to breaches of internal campaign documents and communications. In 2018, three California candidates for US House of Representatives faced cyberattacks. The Federal Elections Commission (FEC) issued an advisory opinion in December 2018 clarifying that Federal office holders may use campaign funds to bolster cybersecurity protection for personal devices and accounts.
AB 1043 clarifies state law to ensure that state candidates and elected office holders can make campaign expenditures on cybersecurity.
AB 1044 – Requiring Cybersecurity Courses to Access Voter Data
Under state law, limited voter data is made available for specific restricted use by campaigns, journalists, and academic researchers. Currently, those applying for voter data must only provide documentation of their organizational affiliation, description of their planned activities using the voter data, and a plan to securely store this data.
AB 1044 allows the Secretary of State’s office to require those applying for voter data to complete a course on data security. Any course has to be offered at no cost to those applying for voter data. In addition, the measure will require counties to provide the contact information of county elections officials to the Secretary of State’s office.