(a) In this section, “security–sensitive data” means information that is protected against unwarranted disclosure.
(b) In accordance with guidelines established by the Secretary, each unit of State government shall develop a plan to:
(1) identify unit personnel who handle security–sensitive data; and
(2) establish annual security overview training or refresher security training for each employee who handles security–sensitive data as part of the employee’s duties.