Rating: 0

Bill Summary:
H0035 amends Idaho’s information technology statutes to require the implementation of multifactor identification (MFA) across all branches of state government, including executive agencies, the Legislature, judiciary, and elected constitutional offices. It defines MFA, mandates its use for access to systems such as email, cloud services, and databases, and expands the powers of the Office of Information Technology Services (OITS) to oversee cybersecurity policies, penetration testing, employee training, and public education. The bill includes technical corrections and an emergency clause, taking effect July 1, 2025.

Reason for Rating:
While the bill advances important cybersecurity protections, its reach into all branches of government—including the legislative and judicial—raises potential constitutional concerns about the separation of powers. Additionally, the absence of clear funding provisions places compliance costs on smaller agencies without guaranteed support. The bill also consolidates authority within a single executive office, expanding bureaucratic oversight. These concerns, while not fatal to the bill’s merits, create tension with the Idaho Republican Party Platform’s principles of limited government, fiscal responsibility, and respect for institutional autonomy. Therefore, H0035 warrants a neutral rating.