everything you want to know (and don't) about arkansas politics

Republican Sponsorship
Technology

HB1704

To Prohibit Public Entities From Paying A Ransom For A Cyberattack; And To Require Public Entities To Create A Policy To Prohibit Payment Of A Ransom For A Cyberattack.

Failed

Last Action (May 1, 2023): Died in House Committee at Sine Die Adjournment

Sponsors

AI-Generated Summary

House Bill 1704 prohibits all public entities in Arkansas from paying ransoms in the event of a cyberattack. The bill mandates that every public entity, including state departments, school districts, and higher education institutions, must establish a formal policy prohibiting such payments. Legislative findings included in the bill argue that paying ransoms incentivizes future attacks, does not guarantee data recovery, and often involves funding hostile foreign adversaries. The bill defines 'public entity' broadly to encompass nearly all taxpayer-funded state and local government bodies. Compliance requirements are staggered, with the ban taking effect for core state departments on January 1, 2025, and for school districts, charter schools, and higher education institutions on January 1, 2027.

Potential Impact Analysis

Who Might Benefit?

The primary beneficiaries are the taxpayers of Arkansas, as the bill aims to prevent the misuse of public funds to pay criminal organizations or foreign adversaries. Additionally, public entities may benefit in the long term by being forced to prioritize robust data backup and recovery infrastructure, which the legislature argues is a more effective defense against cyberattacks than negotiating with attackers.

Who Might Suffer?

Public entities could be negatively impacted if they lack the internal IT resources to recover critical data without paying a ransom, potentially leading to prolonged service disruptions or permanent data loss. Additionally, third-party entities that rely on the prompt restoration of government services—such as citizens, students, or businesses—could suffer if a public entity is unable to resolve a ransomware situation due to the legal prohibition on payment.

Read Full Bill on arkleg.state.ar.us