STAND. COM. REP. NO. 2676

 

Honolulu, Hawaii

                   

 

RE:     S.B. No. 3015

        S.D. 1

 

 

 

Honorable Ronald D. Kouchi

President of the Senate

Thirty-Third State Legislature

Regular Session of 2026

State of Hawaii

 

Sir:

 

     Your Committee on Government Operations, to which was referred S.B. No. 3015 entitled:

 

"A BILL FOR AN ACT RELATING TO PERSONAL INFORMATION,"

 

begs leave to report as follows:

 

     The purpose and intent of this measure is to:

 

     (1)  Require every government agency that maintains, uses, collects, or processes the home address of a covered public servant or candidate, to ensure that their home address is not publicly accessible;

 

     (2)  Require every government agency to redact or otherwise remove home addresses from certain websites, databases, and printed documents or publications;

 

     (3)  Authorize an individual to request disclosure of the home address, under certain circumstances; and

 

     (4)  Allow a covered public servant or candidate to object to the disclosure of their home address.

 

     Your Committee received testimony in opposition to this measure from the Public First Law Center.

 

     Your Committee received comments on this measure from the Department of the Attorney General, Department of Commerce and Consumer Affairs, Office of Information Practices, Campaign Spending Commission, League of Women Voters of Hawaii, and Hawaii Professional Chapter of the Society of Professional Journalists.

 

     Your Committee finds that acts of violence directed at public officials and their families have increased nationwide in recent years, often facilitated by the easy public availability of personal identifying information, such as home addresses.  This measure establishes additional protections for public servants and candidates information to protect them and their families while maintaining government transparency.

 

     Your Committee further finds that personally identifiable information held by government entities is increasingly targeted for misuse, including identity theft and financial fraud, and that public-facing government websites, searchable databases, and bulk‑download systems can unintentionally amplify risk when sensitive information is posted or indexed.  Your Committee notes that testimony on this measure raised significant concerns regarding the home-address-specific approach, requestor-identification requirements, and objection process that could conflict with the Uniform Information Practices Act and other statutes requiring disclosure of certain address information, while also creating operational challenges for agencies charged with compliance.

 

     Your Committee believes that this measure's policy objectives should be to protect residents as a class, rather than creating protections that apply only to public officials, and to modernize and standardize how government entities define, secure, and prevent the inadvertent publication of sensitive personal information in publicly accessible government systems.  Additionally, these objectives should be accomplished without materially altering disclosure requirements under public records law, except for clearly enumerated categories of personal information that should not be posted publicly absent an explicit legal requirement. 

 

     Your Committee notes that the amendments your Committee has made to this measure are intended to shift the approach to a government-wide cybersecurity and data-handling framework focused on preventing public exposure through online systems, searchable databases, and bulk downloads, while preserving transparency obligations and lawful access to government records.

 

     Your Committee has amended this measure by deleting its contents and:

 

     (1)  Inserting language that:

 

          (A)  Prohibits government entities from making personal information publicly accessible through a publicly accessible information system or publicly accessible source of information, except under certain conditions;

 

          (B)  Allows individuals who reasonably believe their personal information is publicly accessible through a government entities' publicly accessible information system or publicly accessible source of information to submit a written notice to the entity to require corrective action;

 

          (C)  Establishes a cause of action to compel compliance;

 

          (D)  Establishes statutory penalties for intentional noncompliance;

 

          (E)  Requires government entities to adopt and implement policies and procedures to prevent personal information from being publicly accessible; 

 

          (F)  Requires government entities that own, license, maintain, use, collect, or possess personal information to implement and maintain certain reasonable security procedures and practices to protect the personal information;

 

          (G)  Requires government entities to provide notice to individuals in the case of a breach of a security system protecting personal information; and

 

          (H)  Requires government entities to submit annual reports to the Legislature;

 

     (2)  Amending section 1 to reflect its amended purpose;

 

     (3)  Inserting an effective date of January 1, 2525, to encourage further discussion; and

 

     (4)  Making technical, nonsubstantive amendments for the purposes of clarity and consistency.

 

     As affirmed by the record of votes of the members of your Committee on Government Operations that is attached to this report, your Committee is in accord with the intent and purpose of S.B. No. 3015, as amended herein, and recommends that it pass Second Reading in the form attached hereto as S.B. No. 3015, S.D. 1, and be referred to your Committee on Judiciary.

 

Respectfully submitted on behalf of the members of the Committee on Government Operations,

 

 

 

________________________________

ANGUS L.K. MCKELVEY, Chair