WeVote

Bill

Bill

SB 1363

Consumer Protection - As introduced, requires the office of the attorney general and reporter to submit to the chair of the house committee having jurisdiction over consumer protection and the chair of the commerce and labor committee of the senate a report on the number of investigations into violations of the Tennessee Consumer Protection Act of 1977 in which artificial intelligence was used to effectuate an unfair or deceptive act or practice affecting the conduct of any trade or commerce between January 1, 2024, and December 31, 2025; requires the report to be submitted no later than July 1, 2026; allows the report to be submitted electronically. - Amends TCA Title 4; Title 5; Title 6; Title 7; Title 12; Title 39; Title 45; Title 47; Title 48; Title 50; Title 55; Title 61; Title 62; Title 65; Title 66; Title 67 and Title 68.

114th Regular Session (2025-2026) Introduced by Bo Watson

Requires annual cybersecurity training for all state officers and employees, covering threats, credentials, data handling, and reporting completion to ethics authorities.

Passed on Second Consideration, refer to Senate Commerce and Labor Committee
0
WeVote Research Nonpartisan
Bill Summary · SB 1363

SB 1363 — Cybersecurity Training (summary)

Note: The materials provided for “SB 1363” include text from more than one jurisdiction and several different bills that share the same number (Hawaii, Arizona, and Illinois). The cybersecurity training language described below corresponds to the Illinois draft of SB 1363 (introduced by Sen. Sally J. Turner). This summary focuses on that cybersecurity-training proposal; where relevant, procedural notes about mixed texts are flagged at the end.

Purpose

Require routine cybersecurity training for public officers, members, and employees and establish oversight and reporting to improve the cybersecurity posture of state government personnel who handle government systems and data.

Key provisions

  • Annual training requirement
    • Each officer, member, and employee must complete a cybersecurity training program at least once per year.
    • Individuals filling a vacancy in an elective or appointed position that requires training must complete the initial training within a short, specified period after assuming duties (text references an initial/commencement requirement).
  • Minimum training content (program must include at least the following topics):
    • Types of cybersecurity threats (e.g., malware), phishing, and social engineering;
    • Password best practices and multi-factor authentication (MFA);
    • Data handling rules, privacy protections, and secure file sharing practices;
    • Recognition and avoidance of suspicious links, attachments, and unsafe websites;
    • Proper care and reporting of lost or stolen government devices.
  • Oversight and administration
    • Cybersecurity training programs are to be overseen by the applicable Ethics Commission and the Inspector General (as appointed under the governing Act).
    • Proof of completion must be submitted to the applicable ethics officer.
  • Reporting by agencies / jurisdictional authorities
    • Each “ultimate jurisdictional authority” (e.g., agency head) must submit to the applicable Ethics Commission, at least annually (or more frequently if required), a report that:
    • Summarizes the cybersecurity training provided the prior year;
    • Lays out the plan for the coming year’s training; and
    • Includes the names of individuals who failed to complete the required training.
    • The draft also contains language that an Ethics Commission shall not post these reports on its website.

Who is affected

  • All state officers, appointed and elected members, and state employees covered by the State Officials and Employees Ethics Act.
  • Agency leadership (ultimate jurisdictional authorities) — responsible for implementing training and filing required reports.
  • Ethics Commissions and Inspectors General — responsible for oversight of training programs.

Potential impacts

  • Security benefits: expected to raise baseline cybersecurity awareness and reduce risk from phishing, credential compromise, and device loss.
  • Administrative costs: agencies will incur training costs (content/licensing/delivery), recordkeeping, and reporting burdens.
  • Oversight workload: Ethics Commissions and Inspectors General will have new supervisory responsibilities.
  • Personnel consequences: naming of non‑completers in reports could raise privacy or employment-policy issues; the bill does not specify discipline in the excerpt provided.

Status & procedural notes

  • The cybersecurity language corresponds to an Illinois bill (SB 1363) introduced in late January 2025 (Sen. Sally J. Turner). The legislative package in the materials contains mixed action dates across jurisdictions. Confirm the target jurisdiction and current committee or chamber status with the authoritative legislative website for that state (e.g., Illinois General Assembly) for up‑to‑date procedural status.

Additional note

Other, unrelated language (Hawaii emergency appropriations; Arizona parents’ rights private‑action statute) appears in the provided document. Those are separate measures and are not part of the cybersecurity training proposal summarized above. If you want a summary of those other texts, I can prepare them separately.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.