WeVote

Bill

Bill

S 3313

Relates to school district reorganizations and real property tax rates

2025 Regular Session Introduced by Tony Palumbo

Requires NJ municipalities, counties, and school districts to report cyber incidents, fund independent security audits, and mandate employee training with state reimbursements.

REFERRED TO EDUCATION
0
WeVote Research Nonpartisan
Bill Summary · S 3313

Summary — S 3313 (Senate Committee Substitute)

Status: Referred to Education. Introduced June 3, 2024. Reported as a committee substitute (1/30/25). Primary sponsor: Sen. Anthony H. Palumbo.

Purpose

Require standardized reporting, independent audits, employee cybersecurity training, and cost-reimbursement procedures for municipalities, counties, and school districts after cybersecurity incidents; expand and implement certain provisions in P.L.2023, c.19.

Key provisions

  • Incident reporting

    • Public agencies and government contractors must report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness (OHSP)/NJ Cybersecurity & Communications Integration Cell. (The bill builds on existing reporting requirements in P.L.2023, c.19.)
    • The Attorney General, in consultation with NJCCIC, must develop an online incident reporting form and a cybersecurity awareness training program for designated local employees.
  • Independent audits

    • If a municipality, county, or school district is impacted by a cybersecurity incident, within 30 days of receiving the incident notification OHSP must contract with an independent cybersecurity firm to audit that entity’s cybersecurity program and its incident response actions.
    • Audits are paid for by OHSP and must be provided to the affected entity on completion. Audits must identify threats, vulnerabilities, program weaknesses, and recommended remediation strategies.
    • Affected entities must submit the audit and any corrective action plans back to OHSP.
  • Training and compliance

    • Within six months after an audit (and no more than once per calendar year), all municipal, county, and school district officers and employees must complete the OHSP-developed cybersecurity awareness training and verify completion.
    • Governing bodies must perform periodic checks/audits to ensure compliance with training requirements.
  • Reimbursement and confidentiality

    • Municipalities, counties, and school districts may apply to OHSP/department for reimbursement of costs incurred under the bill; the department will reimburse valid costs.
    • Information collected under the bill (incident reports, audits, corrective plans, training records) is exempt from disclosure under the Open Public Records Act (OPRA) and generally protected from discovery/subpoena.

Who is affected

  • Directly: all New Jersey municipalities, counties, and school districts (employees, governing bodies).
  • Administratively: NJ Office of Homeland Security & Preparedness / NJCCIC, Attorney General’s Office, independent cybersecurity contractors.
  • Indirectly: government contractors and private entities that report incidents or whose systems interact with public entities.

Fiscal and operational impact

  • State costs: Office of Legislative Services estimates an annual State expenditure increase of about $4.25 million to $9.25 million. The Executive’s informal estimate is $6.25 million/year.
    • Main drivers: third-party audits (OLS assumes 100–150 incidents/year at $40,000–$60,000 per audit → $4.0M–$9.0M) and ~two additional OHSP staff (~$250,000/year).
    • Cybersecurity awareness training content estimated at roughly $4 per employee/year.
  • Local impacts: Indeterminate. Local entities may incur coordination costs when audited but may recover eligible costs via State reimbursement (revenue gain).

Effective date and procedure

  • The bill takes effect immediately upon enactment.
  • Legislative actions to date include referral to multiple Senate committees (Community & Urban Affairs; Budget & Appropriations; Education) and reporting of a committee substitute (1/30/25).

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.