WHEREAS, identity theft is one of the fastest growing crimes committed throughout the United States, including Hawaii; and

WHEREAS, the privacy and financial security of individuals are increasingly at risk due to the widespread collection of personal information; and

WHEREAS, criminals who steal personal information, such as social security numbers, use the information to open credit card accounts, write bad checks, buy cars, and commit other financial crimes with another individual's identity; and

WHEREAS, credit card transactions, real estate records, automobile and other registrations, and numerous government-related transactions often contain sources of personal information and form the source material for identity thieves; and

WHEREAS, personal information can be protected with a statewide government information security protection program that is commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of either the information collected or maintained by or on behalf of each state department, or the information systems used or operated by each state department; now, therefore,

BE IT RESOLVED by the Senate of the Twenty-third Legislature of the State of Hawaii, Regular Session of 2006, that the Department of Accounting and General Services is requested to report on the status of the establishment of a cyber security office to address information security programs, including the development of policies and procedures for executive departments to implement; and

BE IT FURTHER RESOLVED that the development of these departmental policies and procedures shall include the consideration of open document standards as a cost-effective means to reduce information security risks to acceptable levels, and these policies and procedures shall ensure that information security is addressed throughout the life cycle of each department's information system; and

BE IT FURTHER RESOLVED that the department shall also consult with the Department of Education, the University of Hawaii, the Judiciary, and the Legislature to ensure that the policies and procedures of the departmental cyber security office integrate with any comparable information security policies and procedures developed or under consideration by these agencies; and

BE IT FURTHER RESOLVED that the above-mentioned agencies shall further include as part of the department's report, an update of their information security policies and procedures; and

BE IT FURTHER RESOLVED that the department shall submit its report to the Legislature no later than twenty days prior to the convening of the Regular Session of 2007; and

BE IT FURTHER RESOLVED that certified copies of this Resolution be transmitted to the Comptroller, the Superintendent of Education, the President of the University of Hawaii, the Administrative Director of the Courts, the Clerk of the Senate, and the Clerk of the House of Representatives.

Report Title:

Cyber Security Office; Information Security Programs