Rep. Lamont J. Robinson, Jr.
Filed: 2/15/2022
 
 

 

 

 
10200HB5165ham001LRB102 22762 RJF 36083 a



1
AMENDMENT TO HOUSE BILL 5165




2    AMENDMENT NO. ______. Amend House Bill 5165 by replacing 
3everything after the enacting clause with the following:

 
 
4    "Section 5. The Freedom of Information Act is amended  by 
5changing Section 7 as follows:
 
6    (5 ILCS 140/7)  (from Ch. 116, par. 207)
7    Sec. 7. Exemptions.

8    (1) When a request is made to inspect or copy a public 
9record that contains information that is exempt from 
10disclosure under this Section, but also contains information 
11that is not exempt from disclosure, the public body may elect 
12to redact the information that is exempt. The public body 
13shall make the remaining information available for inspection 
14and copying. Subject to this requirement, the following shall 
15be exempt from inspection and copying:


16        (a) Information specifically prohibited from 
 
 
10200HB5165ham001- 2 -LRB102 22762 RJF 36083 a

1    disclosure by federal or
State law or rules and 
2    regulations implementing federal or State law.


3        (b) Private information, unless disclosure is required 
4    by another provision of this Act, a State or federal law, 
5    or a court order. 
6        (b-5) Files, documents, and other data or databases 
7    maintained by one or more law enforcement agencies and 
8    specifically designed to provide information to one or 
9    more law enforcement agencies regarding the physical or 
10    mental status of one or more individual subjects. 
11        (c) Personal information contained within public 
12    records, the disclosure of which would constitute a 
13    clearly
unwarranted invasion of personal privacy, unless 
14    the disclosure is
consented to in writing by the 
15    individual subjects of the information.  "Unwarranted 
16    invasion of personal privacy" means the disclosure of 
17    information that is highly personal or objectionable to a 
18    reasonable person and in which the subject's right to 
19    privacy outweighs any legitimate public interest in 
20    obtaining the information. The
disclosure of information 
21    that bears on the public duties of public
employees and 
22    officials shall not be considered an invasion of personal

23    privacy.








24        (d) Records in the possession of any public body 
25    created in the course of administrative enforcement

26    proceedings, and any law enforcement or correctional 
 
 
10200HB5165ham001- 3 -LRB102 22762 RJF 36083 a

1    agency for
law enforcement purposes,
but only to the 
2    extent that disclosure would:


3            (i) interfere with pending or actually and 
4        reasonably contemplated
law enforcement proceedings 
5        conducted by any law enforcement or correctional

6        agency that is the recipient of the request;


7            (ii) interfere with active administrative 
8        enforcement proceedings
conducted by the public body 
9        that is the recipient of the request;


10            (iii) create a substantial likelihood that a 
11        person will be deprived of a fair trial or an impartial 
12        hearing;


13            (iv) unavoidably disclose the identity of a 
14        confidential source, confidential information 
15        furnished only by the confidential source, or persons 
16        who file complaints with or provide information to 
17        administrative, investigative, law enforcement, or 
18        penal agencies; except that the identities of 
19        witnesses to traffic accidents, traffic accident 
20        reports, and rescue reports shall be provided by 
21        agencies of local government, except when disclosure 
22        would interfere with an active criminal investigation 
23        conducted by the agency that is the recipient of the 
24        request;


25            (v) disclose unique or specialized investigative 
26        techniques other than
those generally used and known 
 
 
10200HB5165ham001- 4 -LRB102 22762 RJF 36083 a

1        or disclose internal documents of
correctional 
2        agencies related to detection, observation or 
3        investigation of
incidents of crime or misconduct, and 
4        disclosure would result in demonstrable harm to the 
5        agency or public body that is the recipient of the 
6        request;



7            (vi) endanger the life or physical safety of law 
8        enforcement personnel
or any other person; or


9            (vii) obstruct an ongoing criminal investigation 
10        by the agency that is the recipient of the request.









11        (d-5) A law enforcement record created for law 
12    enforcement purposes  and contained in a shared electronic 
13    record management system if the law enforcement agency 
14    that is the recipient of the request did not create the 
15    record, did not participate in or have a role in any of the 
16    events which are the subject of the record, and only has 
17    access to the record through the shared electronic record 
18    management system. 
19        (d-6) Records contained in the Officer Professional 
20    Conduct Database under Section 9.2 of the Illinois Police 
21    Training Act, except to the extent authorized under that 
22    Section.  This includes the documents supplied to the 
23    Illinois Law Enforcement Training Standards Board from the 
24    Illinois State Police and Illinois State Police Merit 
25    Board. 
26        (e) Records that relate to or affect the security of 
 
 
10200HB5165ham001- 5 -LRB102 22762 RJF 36083 a

1    correctional
institutions and detention facilities.


2        (e-5) Records requested by persons committed to the 
3    Department of Corrections, Department of Human Services 
4    Division of Mental Health, or a county jail if those 
5    materials are available in the library of the correctional 
6    institution or facility or jail where the inmate is 
7    confined. 
8        (e-6) Records requested by persons committed to the 
9    Department of Corrections, Department of Human Services 
10    Division of Mental Health, or a county jail if those 
11    materials include records from staff members' personnel 
12    files, staff rosters, or other staffing assignment 
13    information. 
14        (e-7) Records requested by persons committed to the 
15    Department of Corrections or Department of Human Services 
16    Division of Mental Health if those materials are available 
17    through an administrative request to the Department of 
18    Corrections or Department of Human Services Division of 
19    Mental Health. 
20        (e-8)    Records requested by a person committed to the 
21    Department of Corrections, Department of Human Services 
22    Division of Mental Health, or a county jail, the 
23    disclosure of which would result in the risk of harm to any 
24    person or the risk of an escape from a jail or correctional 
25    institution or facility.
26        (e-9)    Records requested by a person in a county jail 
 
 
10200HB5165ham001- 6 -LRB102 22762 RJF 36083 a

1    or committed to the Department of Corrections or 
2    Department of Human Services Division of Mental Health, 
3    containing personal information pertaining to the person's 
4    victim or the victim's family, including, but not limited 
5    to, a victim's home address, home telephone number, work 
6    or school address, work telephone number, social security 
7    number, or any other identifying information, except as 
8    may be relevant to a requester's current or potential case 
9    or claim. 
10        (e-10)    Law enforcement records of other persons 
11    requested by a person committed to the Department of 
12    Corrections, Department of Human Services Division of 
13    Mental Health, or a county jail, including, but not 
14    limited to, arrest and booking records, mug shots, and 
15    crime scene photographs, except as these records may be 
16    relevant to the requester's current or potential case or 
17    claim. 
18        (f) Preliminary drafts, notes, recommendations, 
19    memoranda, and other
records in which opinions are 
20    expressed, or policies or actions are
formulated, except 
21    that a specific record or relevant portion of a
record 
22    shall not be exempt when the record is publicly cited
and 
23    identified by the head of the public body. The exemption 
24    provided in
this paragraph (f) extends to all those 
25    records of officers and agencies
of the General Assembly 
26    that pertain to the preparation of legislative
documents.


 
 
10200HB5165ham001- 7 -LRB102 22762 RJF 36083 a

1        (g) Trade secrets and commercial or financial 
2    information obtained from
a person or business where the 
3    trade secrets or commercial or financial information are 
4    furnished under a claim that they are
proprietary, 
5    privileged, or confidential, and that disclosure of the 
6    trade
secrets or commercial or financial information would 
7    cause competitive harm to the person or business, and only 
8    insofar as the claim directly applies to the records 
9    requested.
10        The information included under this exemption includes 
11    all trade secrets and commercial or financial information 
12    obtained by a public body, including a public pension 
13    fund, from a private equity fund or a privately held 
14    company within the investment portfolio of a private 
15    equity fund as a result of either investing or evaluating 
16    a potential investment of public funds in a private equity 
17    fund. The exemption contained in this item does not apply 
18    to the aggregate financial performance information of a 
19    private equity fund, nor to the identity of the fund's 
20    managers or general partners. The exemption contained in 
21    this item does not apply to the identity of a privately 
22    held company within the investment portfolio of a private 
23    equity fund, unless the disclosure of the identity of a 
24    privately held company may cause competitive harm.
25        Nothing contained in this
paragraph (g) shall be 
26    construed to prevent a person or business from
consenting 
 
 
10200HB5165ham001- 8 -LRB102 22762 RJF 36083 a

1    to disclosure.


2        (h) Proposals and bids for any contract, grant, or 
3    agreement, including
information which if it were 
4    disclosed would frustrate procurement or give
an advantage 
5    to any person proposing to enter into a contractor 
6    agreement
with the body, until an award or final selection 
7    is made.  Information
prepared by or for the body in 
8    preparation of a bid solicitation shall be
exempt until an 
9    award or final selection is made.


10        (i) Valuable formulae,
computer geographic systems,

11    designs, drawings and research data obtained or
produced 
12    by any public body when disclosure could reasonably be 
13    expected to
produce private gain or public loss.
The 
14    exemption for "computer geographic systems" provided in 
15    this paragraph
(i) does not extend to requests made by 
16    news media as defined in Section 2 of
this Act when the 
17    requested information is not otherwise exempt and the only

18    purpose of the request is to access and disseminate 
19    information regarding the
health, safety, welfare, or 
20    legal rights of the general public.


21        (j) The following information pertaining to 
22    educational matters:
23            (i) test questions, scoring keys, and other 
24        examination data used to
administer an academic 
25        examination;


26            (ii) information received by a primary or 
 
 
10200HB5165ham001- 9 -LRB102 22762 RJF 36083 a

1        secondary school, college, or university under its 
2        procedures for the evaluation of faculty members by 
3        their academic peers; 
4            (iii) information concerning a school or 
5        university's adjudication of student disciplinary 
6        cases, but only to the extent that disclosure would 
7        unavoidably reveal the identity of the student; and
8            (iv) course materials or research materials used 
9        by faculty members. 
10        (k) Architects' plans, engineers' technical 
11    submissions, and
other
construction related technical 
12    documents for
projects not constructed or developed in 
13    whole or in part with public funds
and the same for 
14    projects constructed or developed with public funds, 
15    including, but not limited to, power generating and 
16    distribution stations and other transmission and 
17    distribution facilities, water treatment facilities, 
18    airport facilities, sport stadiums, convention centers, 
19    and all government owned, operated, or occupied buildings, 
20    but
only to the extent
that disclosure would compromise 
21    security.



22        (l) Minutes of meetings of public bodies closed to the

23    public as provided in the Open Meetings Act until the 
24    public body
makes the minutes available to the public 
25    under Section 2.06 of the Open
Meetings Act.


26        (m) Communications between a public body and an 
 
 
10200HB5165ham001- 10 -LRB102 22762 RJF 36083 a

1    attorney or auditor
representing the public body that 
2    would not be subject to discovery in
litigation, and 
3    materials prepared or compiled by or for a public body in

4    anticipation of a criminal, civil, or administrative 
5    proceeding upon the
request of an attorney advising the 
6    public body, and materials prepared or
compiled with 
7    respect to internal audits of public bodies.


8        (n) Records relating to a public body's adjudication 
9    of employee grievances or disciplinary cases; however, 
10    this exemption shall not extend to the final outcome of 
11    cases in which discipline is imposed.


12        (o) Administrative or technical information associated 
13    with automated
data processing operations, including, but 
14    not limited to, software,
operating protocols, computer 
15    program abstracts, file layouts, source
listings, object 
16    modules, load modules, user guides, documentation

17    pertaining to all logical and physical design of 
18    computerized systems,
employee manuals, and any other 
19    information that, if disclosed, would
jeopardize the 
20    security of the system or its data or the security of

21    materials exempt under this Section.


22        (p) Records relating to collective negotiating matters

23    between public bodies and their employees or 
24    representatives, except that
any final contract or 
25    agreement shall be subject to inspection and copying.


26        (q) Test questions, scoring keys, and other 
 
 
10200HB5165ham001- 11 -LRB102 22762 RJF 36083 a

1    examination data used to determine the qualifications of 
2    an applicant for a license or employment.


3        (r) The records, documents, and information relating 
4    to real estate
purchase negotiations until those 
5    negotiations have been completed or
otherwise terminated. 
6    With regard to a parcel involved in a pending or
actually 
7    and reasonably contemplated eminent domain proceeding 
8    under the Eminent Domain Act, records, documents, and

9    information relating to that parcel shall be exempt except 
10    as may be
allowed under discovery rules adopted by the 
11    Illinois Supreme Court.  The
records, documents, and 
12    information relating to a real estate sale shall be
exempt 
13    until a sale is consummated.


14        (s) Any and all proprietary information and records 
15    related to the
operation of an intergovernmental risk 
16    management association or
self-insurance pool or jointly 
17    self-administered health and accident
cooperative or pool.

18    Insurance or self insurance (including any 
19    intergovernmental risk management association or self 
20    insurance pool) claims, loss or risk management 
21    information, records, data, advice or communications. 




22        (t) Information contained in or related to 
23    examination, operating, or
condition reports prepared by, 
24    on behalf of, or for the use of a public
body responsible 
25    for the regulation or supervision of financial

26    institutions, insurance companies, or pharmacy benefit 
 
 
10200HB5165ham001- 12 -LRB102 22762 RJF 36083 a

1    managers, unless disclosure is otherwise
required by State 
2    law.












3        (u) Information that would disclose
or might lead to 
4    the disclosure of
secret or confidential information, 
5    codes, algorithms, programs, or private
keys intended to 
6    be used to create electronic signatures under the Uniform 
7    Electronic Transactions Act.




8        (v) Vulnerability assessments, security measures, and 
9    response policies
or plans that are designed to identify, 
10    prevent, or respond to potential
attacks upon a 
11    community's population or systems, facilities, or 
12    installations,
the destruction or contamination of which 
13    would constitute a clear and present
danger to the health 
14    or safety of the community, but only to the extent that

15    disclosure could reasonably be expected to expose the 
16    vulnerability or jeopardize the effectiveness of the

17    measures, policies, or plans, or the safety of the 
18    personnel who implement them or the public.
Information 
19    exempt under this item may include such things as details

20    pertaining to the mobilization or deployment of personnel 
21    or equipment, to the
operation of communication systems or 
22    protocols, to cybersecurity vulnerabilities, or to 
23    tactical operations.


24        (w) (Blank). 
25        (x) Maps and other records regarding the location or 
26    security of generation, transmission, distribution, 
 
 
10200HB5165ham001- 13 -LRB102 22762 RJF 36083 a

1    storage, gathering,
treatment, or switching facilities 
2    owned by a utility, by a power generator, or by the 
3    Illinois Power Agency.




4        (y) Information contained in or related to proposals, 
5    bids, or negotiations  related to electric power 
6    procurement under Section 1-75 of the Illinois Power 
7    Agency Act and Section 16-111.5 of the Public Utilities 
8    Act that is determined to be confidential and proprietary 
9    by the Illinois Power Agency or by the Illinois Commerce 
10    Commission.

11        (z) Information about students exempted from 
12    disclosure under Sections 10-20.38 or 34-18.29 of the 
13    School Code, and information about undergraduate students 
14    enrolled at an institution of higher education exempted 
15    from disclosure under Section 25 of the Illinois Credit 
16    Card Marketing Act of 2009. 
17        (aa) Information the disclosure of which is
exempted 
18    under the Viatical Settlements Act of 2009.

19        (bb) Records and information provided to a mortality 
20    review team and records maintained by a mortality review 
21    team appointed under the Department of Juvenile Justice 
22    Mortality Review Team Act. 
23        (cc) Information regarding interments, entombments, or 
24    inurnments of human remains that are submitted to the 
25    Cemetery Oversight Database under the Cemetery Care Act or 
26    the Cemetery Oversight Act, whichever is applicable.
 
 
10200HB5165ham001- 14 -LRB102 22762 RJF 36083 a

1        (dd) Correspondence and records (i) that may not be 
2    disclosed under Section 11-9 of the Illinois Public Aid 
3    Code or (ii) that pertain to appeals under Section 11-8 of 
4    the Illinois Public Aid Code. 
5        (ee) The names, addresses, or other personal 
6    information of persons who are minors and are also 
7    participants and registrants in programs of park 
8    districts, forest preserve districts, conservation 
9    districts, recreation agencies, and special recreation 
10    associations.
11        (ff) The names, addresses, or other personal 
12    information of participants and registrants in programs of 
13    park districts, forest preserve districts, conservation 
14    districts, recreation agencies, and special recreation 
15    associations where such programs are targeted primarily to 
16    minors.
17        (gg)  Confidential information described in Section 
18    1-100 of the Illinois Independent Tax Tribunal Act of 
19    2012. 
20        (hh)  The report submitted to the State Board of 
21    Education by the School Security and Standards Task Force 
22    under item (8) of subsection (d) of Section 2-3.160 of the 
23    School Code and any information contained in that report. 
24        (ii) Records requested by persons committed to or 
25    detained by the Department of Human Services under the 
26    Sexually Violent Persons Commitment Act or committed to 
 
 
10200HB5165ham001- 15 -LRB102 22762 RJF 36083 a

1    the Department of Corrections under the Sexually Dangerous 
2    Persons Act if those materials: (i) are available in the 
3    library of the facility where the individual is confined; 
4    (ii) include records from staff members' personnel files, 
5    staff rosters, or other staffing assignment information; 
6    or (iii) are available through an administrative request 
7    to the Department of Human Services or the Department of 
8    Corrections.
9        (jj) Confidential information described in Section 
10    5-535 of the Civil Administrative Code of Illinois. 
11        (kk) The public body's credit card numbers, debit card 
12    numbers, bank account numbers, Federal Employer 
13    Identification Number, security code numbers, passwords, 
14    and similar account information, the disclosure of which 
15    could result in identity theft or impression or defrauding 
16    of a governmental entity or a person. 
17        (ll)   Records concerning the work of the threat 
18    assessment team of a school district.
19    (1.5) Any information exempt from disclosure under the 
20Judicial Privacy Act shall be redacted from public records 
21prior to disclosure under this Act. 
22    (2) A public record that is not in the possession of a 
23public body but is in the possession of a party with whom the 
24agency has contracted to perform a governmental function on 
25behalf of the public body, and that directly relates to the 
26governmental function and is not otherwise exempt under this 
 
 
10200HB5165ham001- 16 -LRB102 22762 RJF 36083 a

1Act, shall be considered a public record of the public body, 
2for purposes of this Act. 
3    (3) This Section does not authorize withholding of 
4information or limit the
availability of records to the 
5public, except as stated in this Section or
otherwise provided 
6in this Act.


7(Source: P.A. 101-434, eff. 1-1-20; 101-452, eff. 1-1-20; 
8101-455, eff. 8-23-19; 101-652, eff. 1-1-22; 102-38, eff. 
96-25-21; 102-558, eff. 8-20-21; 102-694, eff. 1-7-22; revised 
102-3-22.)
 
11    Section 10. The Department of Innovation and Technology 
12Act is amended  by adding Section 1-75 as follows:
 
13    (20 ILCS 1370/1-75 new)
14    Sec. 1-75. Local government cybersecurity designee. The 
15principal executive officer, or his or her designee, of each 
16municipality with a population of 35,000 or greater and of 
17each county shall designate a local official or employee as 
18the primary point of contact for local cybersecurity issues. 
19Each jurisdiction must provide the name and contact 
20information of the cybersecurity designee to the Department 
21and update the information as necessary.
 
22    Section 15. The Illinois Information Security Improvement 
23Act is amended  by changing Section 5-25 and  by adding Section 
 
 
10200HB5165ham001- 17 -LRB102 22762 RJF 36083 a

15-30 as follows:
 
2    (20 ILCS 1375/5-25)

3    Sec. 5-25. Responsibilities. 
4    (a) The Secretary shall:
5        (1) appoint a Statewide Chief Information Security 
6    Officer pursuant to Section 5-20;
7        (2) provide the Office with the staffing and resources 
8    deemed necessary by the Secretary to fulfill the 
9    responsibilities of the Office;
10        (3) oversee statewide information security policies 
11    and practices, including:

12            (A) directing and overseeing the development, 
13        implementation, and communication of statewide 
14        information security policies, standards, and 
15        guidelines;
16            (B) overseeing the education of State agency 
17        personnel regarding the requirement to identify and 
18        provide information security protections commensurate 
19        with the risk and magnitude of the harm resulting from 
20        the unauthorized access, use, disclosure, disruption, 
21        modification, or destruction of information in a 
22        critical information system;
23            (C) overseeing the development and implementation 
24        of a statewide information security risk management 
25        program;
 
 
10200HB5165ham001- 18 -LRB102 22762 RJF 36083 a

1            (D) overseeing State agency compliance with the 
2        requirements of this Section;
3            (E) coordinating Information Security policies and 
4        practices with related information and personnel 
5        resources management policies and procedures; and
6            (F) providing an effective and efficient process 
7        to assist State agencies with complying with the 
8        requirements of this Act; and .
9        (4) subject to appropriation, establish a 
10    cybersecurity liaison program to advise and assist units 
11    of local government in identifying cyber threats, 
12    performing risk assessments, sharing best practices, and 
13    responding to cyber incidents. 
14    (b) The Statewide Chief Information Security Officer 
15shall:
16        (1) serve as the head of the Office and ensure the 
17    execution of the responsibilities of the Office as set 
18    forth in subsection (c) of Section 5-15, the Statewide 
19    Chief Information Security Officer shall also oversee 
20    State agency personnel with significant responsibilities 
21    for information security and ensure a competent workforce 
22    that keeps pace with the changing information security 
23    environment;
24        (2) develop and recommend information security 
25    policies, standards, procedures, and guidelines to the 
26    Secretary for statewide adoption and monitor compliance 
 
 
10200HB5165ham001- 19 -LRB102 22762 RJF 36083 a

1    with these policies, standards, guidelines, and procedures 
2    through periodic testing;
3        (3) develop and maintain risk-based, cost-effective 
4    information security programs and control techniques to 
5    address all applicable security and compliance 
6    requirements throughout the life cycle of State agency 
7    information systems;
8        (4) establish the procedures, processes, and 
9    technologies to rapidly and effectively identify threats, 
10    risks, and vulnerabilities to State information systems, 
11    and ensure the prioritization of the remediation of 
12    vulnerabilities that pose risk to the State;
13        (5) develop and implement capabilities and procedures 
14    for detecting, reporting, and responding to information 
15    security incidents;
16        (6) establish and direct a statewide information 
17    security risk management program to identify information 
18    security risks in State agencies and deploy risk 
19    mitigation strategies, processes, and procedures;
20        (7) establish the State's capability to sufficiently 
21    protect the security of data through effective information 
22    system security planning, secure system development, 
23    acquisition, and deployment, the application of protective 
24    technologies and information system certification, 
25    accreditation, and assessments;
26        (8) ensure that State agency personnel, including 
 
 
10200HB5165ham001- 20 -LRB102 22762 RJF 36083 a

1    contractors, are appropriately screened and receive 
2    information security awareness training;
3        (9) convene meetings with agency heads and other State 
4    officials to help ensure:
5            (A) the ongoing communication of risk and risk 
6        reduction strategies,
7            (B) effective implementation of information 
8        security policies and practices, and
9            (C) the incorporation of and compliance with 
10        information security policies, standards, and 
11        guidelines into the policies and procedures of the 
12        agencies;
13        (10) provide operational and technical assistance to 
14    State agencies in implementing policies, principles, 
15    standards, and guidelines on information security, 
16    including implementation of standards promulgated under 
17    subparagraph (A) of paragraph (3) of subsection (a) of 
18    this Section, and provide assistance and effective and 
19    efficient means for State agencies to comply with the 
20    State agency requirements under this Act;
21        (11) in coordination and consultation with the 
22    Secretary and the Governor's Office of Management and 
23    Budget, review State agency budget requests related to 
24    Information Security systems and provide recommendations 
25    to the Governor's Office of Management and Budget;
26        (12) ensure the preparation and maintenance of plans 
 
 
10200HB5165ham001- 21 -LRB102 22762 RJF 36083 a

1    and procedures to provide cyber resilience and continuity 
2    of operations for critical information systems that 
3    support the operations of the State; and
4        (13) take such other actions as the Secretary may 
5    direct.

6(Source: P.A. 100-611, eff. 7-20-18; 101-81, eff. 7-12-19.)
 
7    (20 ILCS 1375/5-30 new)
8    Sec. 5-30. Local government employee cybersecurity 
9training. Every employee of a county or municipality shall 
10annually complete a cybersecurity training program.  The 
11training shall include, but need not be limited to, detecting 
12phishing scams, preventing spyware infections and identity 
13theft, and preventing and responding to data breaches. The 
14Department shall make available to each county and 
15municipality a training program for employees that complies 
16with the content requirements of this Section. A county or 
17municipality may create its own cybersecurity training 
18program.
 
19    Section 20. The Illinois Procurement Code is amended  by 
20adding Section 25-90 as follows:
 
21    (30 ILCS 500/25-90 new)
22    Sec. 25-90. Cybersecurity prohibited products. State 
23agencies are prohibited from purchasing any products that, due 
 
 
10200HB5165ham001- 22 -LRB102 22762 RJF 36083 a

1to cybersecurity risks, are prohibited for purchase by federal 
2agencies pursuant to a United States Department of Homeland 
3Security Binding Operational Directive.".