WeVote

Bill

Bill

SSB 1083

A bill for an act relating to matters under the purview of the department of management, making appropriations, and including applicability provisions.

2025-2026 Regular Session

SF 307 limits vendor liability in IT contracts, ensuring accountability for cybersecurity issues, while protecting confidential communications from public disclosure.

Committee report approving bill, renumbered as SF 307.
0
WeVote Research Nonpartisan
Bill Summary · SSB 1083

Summary of SSB 1083 (Renumbered as SF 307)

Overview

SSB 1083, now renumbered as SF 307, is a proposed legislative bill introduced on February 4, 2025. The bill pertains to various matters under the jurisdiction of the Department of Management, focusing on appropriations and confidentiality in contracts related to information technology.

Purpose and Intent

The primary intent of SSB 1083 is to enhance the management of contracts involving information technology goods and services while ensuring public interest is prioritized. The bill aims to establish clear guidelines regarding vendor liability and confidentiality of communications related to cybersecurity.

Key Provisions

1. Vendor Liability Limitations

  • The bill allows the director of the Department of Management to include limitations on vendor liability in contracts for information technology goods and services.
  • Any contractual limitation that seeks to absolve vendors from liability for:
    • Cybersecurity incidents
    • Intentional torts
    • Fraudulent conduct
    • Gross negligence
    • Death or bodily injury
    • Damage to property
    • Violations of confidentiality obligations
    • Indemnification obligations
  • Such limitations are deemed void if they contradict public policy, particularly if they do not apply equally to all parties or limit liability to less than the contract value.

2. Confidentiality of Communications

  • The bill establishes that communications between the Chief Information Security Officer and other entities regarding security incidents are confidential.
  • These communications, along with any documents generated from them, are exempt from state open records laws and cannot be used in legal proceedings.

Affected Parties

  • State Government: The bill directly impacts the Department of Management and its contracting processes.
  • Vendors: Companies providing information technology goods and services will be subject to new liability limitations.
  • Public Entities: The confidentiality provisions may affect how public entities manage and disclose information related to cybersecurity.

Legislative Timeline

  • February 4, 2025: Introduced and referred to the State Government Committee.
  • February 5, 2025: Subcommittee meeting held to discuss the bill.
  • February 6, 2025: Subcommittee recommends passage of the bill.
  • February 12, 2025: Committee report approving the bill, leading to its renumbering as SF 307.

Conclusion

SSB 1083 (SF 307) seeks to modernize and clarify the contractual landscape for information technology services within the state government, emphasizing the importance of public interest and cybersecurity. The bill's provisions on vendor liability and confidentiality are designed to protect both the state and the public while fostering a secure environment for managing sensitive information.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.