(a) There is in state government, in the Department of Technology, the Office of Information Security. The purpose of the Office of Information Security is to ensure the confidentiality, integrity, and availability of state systems and applications, and to promote and protect privacy as part of the development and operations of state systems and applications to ensure the trust of the residents of this state.
(b) The office shall be under the direction of a chief, who shall be appointed by, and serve at the pleasure of, the Governor. The chief shall report to the Director of Technology, and shall lead the Office of Information Security in carrying out its mission.
(c) The duties of the Office of Information Security, under the direction of the chief, shall be to provide direction for information security and privacy to state government agencies, departments, and offices, pursuant to Section 11549.3.
(d) (1) Unless the context clearly requires otherwise, whenever the term “Office of Information Security and Privacy Protection” appears in any statute, regulation, or contract, it shall be deemed to refer to the Office of Information Security, and whenever the term “executive director of the Office of Information Security and Privacy Protection” appears in statute, regulation, or contract, it shall be deemed to refer to the Chief of the Office of Information Security.
(2) All employees serving in state civil service, other than temporary employees, who are engaged in the performance of functions transferred from the Office of Information Security and Privacy Protection to the Office of Information Security, are transferred to the Office of Information Security. The status, positions, and rights of those persons shall not be affected by their transfer and shall continue to be retained by them pursuant to the State Civil Service Act (Part 2 (commencing with Section 18500) of Division 5), except as to positions the duties of which are vested in a position exempt from civil service. The personnel records of all transferred employees shall be transferred to the Office of Information Security.
(3) The property of any office, agency, or department related to functions transferred to the Office of Information Security is transferred to the Office of Information Security. If any doubt arises as to where that property is transferred, the Department of General Services shall determine where the property is transferred.
(4) All unexpended balances of appropriations and other funds available for use in connection with any function or the administration of any law transferred to the Office of Information Security shall be transferred to the Office of Information Security for the use and for the purpose for which the appropriation was originally made or the funds were originally available. If there is any doubt as to where those balances and funds are transferred, the Department of Finance shall determine where the balances and funds are transferred.
(Amended by Stats. 2013, Ch. 353, Sec. 78. (SB 820) Effective September 26, 2013. Operative July 1, 2013, by Sec. 129 of Ch. 353.)