Subdivision 1.Membership.

The Legislative Commission on Cybersecurity consists of the following eight members:

(1) four senators, including two senators appointed by the senate majority leader and two senators appointed by the senate minority leader; and

(2) four members of the house of representatives, including two members appointed by the speaker of the house and two members appointed by the minority leader of the house.

Subd. 1a.Definition.

(a) For purposes of this section, the following term has the meaning given.

(b) "Security records" means data, documents, recordings, or similar that:

(1) were originally collected, created, received, maintained, or disseminated by a member of the commission during a closed meeting or a closed portion of a meeting; and

(2) are security information as defined by section 13.37, subdivision 1, or otherwise pertain to cybersecurity briefings and reports; issues related to cybersecurity systems; or deficiencies in or recommendations regarding cybersecurity services, infrastructure, and facilities, if disclosure of the records would pose a danger to or compromise cybersecurity infrastructure, facilities, procedures, or responses.

Subd. 2.Terms; vacancies.

Members of the commission serve for a two-year term beginning on appointment and expiring on appointment of a successor after the opening of the next regular session of the legislature in the odd-numbered year. A vacancy in the membership of the commission must be filled for the unexpired term in a manner that will preserve the representation established by this section.

Subd. 3.Duties.

The commission shall provide oversight of the state's cybersecurity measures. The commission shall review the policies and practices of state agencies with regard to cybersecurity and may recommend changes in policy to adequately protect the state from cybersecurity threats. The commission may develop recommendations and draft legislation to support and strengthen the state's cybersecurity infrastructure.

Subd. 4.Chair.

The commission shall elect a chair by a majority vote of members present. If the commission is unable to elect a chair by a majority vote at its first meeting of a biennium, the ranking member of the majority party shall serve as chair. The officers shall alternate between a member of the senate and a member of the house of representatives. A chair shall serve a two-year term expiring upon election of a new chair after the opening of the next regular session of the legislature in the odd-numbered year.

Subd. 5.Meetings.

The commission must meet at least three times per calendar year. The meetings of the commission are subject to section 3.055, except that the commission may close a meeting when necessary to safeguard the state's cybersecurity. Security records shall be maintained by the Legislative Coordinating Commission and shall not be made available to the public until at least eight years but no more than 20 years after the date of the closed meeting.

Subd. 5a.Closed meetings procedures.

The commission must adopt procedures for conducting closed meetings before the commission's first closed meeting. At a minimum, the procedures must include:

(1) a requirement to provide notice to the public, when practicable, before each closed meeting of the commission's intent and authority to hold a closed meeting or to hold a closed session during an otherwise open meeting;

(2) a requirement that the commission minimize the number of people present at a closed meeting to those necessary to conduct the meeting;

(3) a requirement that votes shall not be taken during a closed meeting or a closed portion of a meeting pursuant to this section;

(4) steps the commission must take if a commission member is alleged to have violated the confidentiality of a closed meeting; and

(5) guidance for the Legislative Coordinating Commission for the public release of security records following the eight-year record requirement in subdivision 5. The meetings of the Legislative Coordinating Commission under this subdivision are exempt from section 3.055 when necessary to safeguard the confidentiality of security records.

Subd. 5b.Alleged member closed meeting confidentiality violations.

Notwithstanding any law to the contrary, if a complaint alleging a member violated the confidentiality of a closed meeting is brought to a legislative committee with jurisdiction over ethical conduct, the committee with jurisdiction over ethical conduct must preserve the confidentiality of the closed meeting at issue.

Subd. 6.Administration.

The Legislative Coordinating Commission shall provide administrative services for the commission.

Subd. 7.Expiration.

The commission expires December 31, 2028.