Download Zipped Amended WP 8.0 SB0056.ZIP 11,757 Bytes
[Introduced][Status][Bill Documents][Fiscal Note][Bills Directory]

S.B. 56

             1     

DIGITAL CERTIFICATES AND

             2     
IDENTIFICATION AMENDMENTS

             3     
2000 GENERAL SESSION

             4     
STATE OF UTAH

             5     
Sponsor: Scott N. Howell

             6      AN ACT RELATING TO DIGITAL SIGNATURES AND THE CHIEF INFORMATION
             7      OFFICER; PROVIDING FOR THE CREATION, MAINTENANCE, AND FUNDING OF A
             8      CENTRAL REPOSITORY FOR INFORMATION RELATING TO THE ISSUANCE OF
             9      DIGITAL CERTIFICATES BY GOVERNMENTAL ENTITIES; AUTHORIZING
             10      GOVERNMENTAL ENTITIES, PARTICULARLY COUNTY CLERKS, TO PARTICIPATE
             11      AND CHARGE FEES; h AND h ENUMERATING CHIEF INFORMATION OFFICER'S DUTIES
             11a      h [ ; AND
             12      PROVIDING AN APPROPRIATION OF $40,000 FOR FISCAL YEAR 2000-01 TO THE CHIEF
             13      INFORMATION OFFICER
] h
.
             14      This act affects sections of Utah Code Annotated 1953 as follows:
             15      AMENDS:
             16          63D-1-301.5, as last amended by Chapters 18 and 307, Laws of Utah 1999
             17      ENACTS:
             18          46-3-601, Utah Code Annotated 1953
             19          46-3-602, Utah Code Annotated 1953
             20      Be it enacted by the Legislature of the state of Utah:
             21          Section 1. Section 46-3-601 is enacted to read:
             22     
Part 6. Governmental Entity Participation

             23          46-3-601. Central repository for digital certificate information -- Fee.
             24          (1) The chief information officer shall:
             25          (a) designate an existing state repository or create a new repository that is a secure, central
             26      repository for the maintenance of any appropriate information relating to the issuance of digital
             27      certificates; and


             28          (b) develop policies regarding the issuance of digital certificates by governmental entities
             29      as provided in Section 63D-1-301.5 .
             30          (2) Any participating governmental entity may charge a fee to cover administrative costs
             31      and the fee required to be remitted to the state under Subsection (3).
             32          (3) Of the fee collected by a participating governmental entity pursuant to Subsection (2),
             33      h [ $4 ] A REASONABLE PORTION, AS ESTABLISHED BY THE CHIEF INFORMATION OFFICER h shall
             33a      be:
             34          (a) remitted to the state agency maintaining the repository in Subsection (1)(a); and
             35          (b) deposited in the General Fund as a dedicated credit for that state agency, to maintain
             36      the repository and assist in the issuance of the digital certificates pursuant to this part and Section
             37      63D-1-301.5 .
             38          (4) Any money at the end of the fiscal year in excess of the dedicated credit required by
             39      Subsection (3) shall lapse to the General Fund.
             40           h [ (5) After the amount of the initial monies appropriated by the Legislature have been
             41      reimbursed to the General Fund, the state agency maintaining the repository shall reevaluate the
             42      fee to be remitted to it under Subsection (3) to determine whether any modification needs to be
             43      made to the fee amount to be remitted by participating governmental entities.
] h

             44           h [ (6) ] (5) h Any state agency permitting the public to transact business with the state agency
             45      through the use of a digital certificate may establish a transaction fee, pursuant to Section
             46      63-38-3.2 , a portion of which may be remitted to the licensed certification authority which issued
             47      the digital certificate being used.
             48          Section 2. Section 46-3-602 is enacted to read:
             49          46-3-602. County clerk participation and fee authorization.
             50          A county clerk may:
             51          (1) participate in the issuance of digital certificates to citizens to facilitate electronic
             52      transactions with governmental entities according to the digital certificate policy issued by the
             53      chief information officer pursuant to Section 63D-1-301.5 ; and
             54          (2) charge a fee for the service in Subsection (1), a portion of which shall be remitted to
             55      the agency maintaining the state repository pursuant to Section 46-3-601 .
             56          Section 3. Section 63D-1-301.5 is amended to read:
             57           63D-1-301.5. Chief information officer -- Duties.
             58          (1) The chief information officer shall:


             59          (a) develop specific information technology objectives, policies, procedures, and standards
             60      to guide the development of information systems within state government to achieve maximum
             61      economy and quality while preserving optimum user flexibility, including:
             62          (i) policies, standards, and procedures for appropriate interchange of information, optimum
             63      service, and minimum costs;
             64          (ii) policies for costing all information technology services performed by any state
             65      information technology cost recovery center so that every cost recovery center charges its users a
             66      rate for services that is both equitable and sufficient to recover all the costs of its operation,
             67      including the cost of capital equipment and facilities;
             68          (iii) policies governing coordination, cooperation, joint efforts, working relationships, and
             69      cost accounting relative to the development and maintenance of information technology and
             70      information systems; and
             71          (iv) policies to ensure the protection of individual privacy and guarantee the exclusive
             72      control to a user of its own data;
             73          (b) coordinate the preparation of agency information technology plans within state
             74      government, encompassing both short-term and long-term needs that support the agency's and the
             75      state's strategic plans, including Utah Tomorrow;
             76          (c) require each state agency to submit semiannually an agency information technology
             77      plan containing the information required by Subsection (2) before the legislative session in which
             78      the budget request will be heard and no later than the June 15 after the legislative session in which
             79      the budget request was authorized to the chief information officer;
             80          (d) upon receipt of a state agency's information technology plan:
             81          (i) provide a complete copy of that plan to the director of the Division of Information
             82      Technology Services;
             83          (ii) review and approve or disapprove agency information technology plans to ensure that
             84      these plans are the most economically viable and are the best solution to the agency's needs and
             85      the state's needs; and
             86          (iii) approve or disapprove of and coordinate the acquisition of information technology
             87      equipment, telecommunications equipment, and related services for all agencies of state
             88      government;
             89          (e) facilitate the implementation of agency plans;


             90          (f) establish priorities in terms of both importance and time sequencing for the
             91      development and implementation of information systems;
             92          (g) monitor information systems development to promote maximum use of existing state
             93      information resources;
             94          (h) advise the governor on information technology policy and make recommendations to
             95      the governor regarding requests for appropriations for information technology equipment and
             96      personnel;
             97          (i) maintain liaison with the legislative and judicial branches, the Board of Regents, the
             98      State Board of Education, local government, federal government, business and industry, and
             99      consumers to promote cooperation and make recommendations regarding information resources;
             100          (j) conduct performance audits of state information technology management, planning, and
             101      the use of information technology resources and distribute copies of the audit reports as provided
             102      in Subsection (3);
             103          (k) prepare an annual report to the governor and to the Legislature's Public Utilities and
             104      Technology Interim Committee and the Information Technology Commission that:
             105          (i) summarizes the state's current and projected use of information technology; and
             106          (ii) includes a description of major changes in state policy and a brief description of each
             107      state agency's plan;
             108          (l) inform each state entity of the requirements of Section 63D-1-105 ; [and]
             109          (m) as permitted by law, coordinate the efforts of state government to provide services and
             110      transactions through the Internet[.];
             111          (n) designate an existing state repository or create a new repository that is secure and
             112      central for the maintenance of any appropriate information relating to the issuance of digital
             113      certificates as provided in Section 46-3-601 ; and
             114          (o) develop a digital certificate policy pursuant to Subsection (6).
             115          (2) (a) Each state agency information technology plan shall include information about
             116      planned information technology objectives and expenditures for the next year in the level of detail
             117      and format specified by the chief information officer.
             118          (b) The plans in Subsection (2)(a) shall include the progress of each state agency toward
             119      making the agency's services available on the Internet as provided in Section 63D-1-105 .
             120          (3) (a) Upon completion of an audit report produced under authority of Subsection (1)(j),


             121      the chief information officer shall:
             122          (i) provide copies of all audit reports to:
             123          (A) the agency audited;
             124          (B) the governor;
             125          (C) the Office of Legislative Fiscal Analyst;
             126          (D) the Public Utilities and Technology Interim Committee; and
             127          (E) the Information Technology Commission; and
             128          (ii) present the performance audit findings to the Information Technology Policy and
             129      Strategy Committee at their next meeting.
             130          (b) Each state agency shall provide the chief information officer with complete access to
             131      all information technology records, documents, and reports, including electronic, analog, or digital,
             132      when requested for the purpose of a performance audit.
             133          (4) The rate for services established by an information technology cost recovery center,
             134      and reviewed by the chief information officer, may be lowered if the Legislature appropriates
             135      monies to the cost recovery center for the specific purpose of lowering rates.
             136          (5) (a) The chief information officer shall receive reports from the director of the Division
             137      of Information Technology Services regarding the division's:
             138          (i) budget;
             139          (ii) strategic plans, including services the division is or plans to offer agencies;
             140          (iii) major expenditure plans; and
             141          (iv) any other items determined jointly by the executive director and the chief information
             142      officer.
             143          (b) The chief information officer shall have authority to approve or disapprove any of the
             144      items listed in Subsection (5)(a).
             145          (6) The chief information officer shall:
             146          (a) develop a digital certificate policy which includes:
             147          (i) indicating the level of identity S [ validation ] VERIFICATION s necessary for digital
             147a      certificates issued by any
             148      governmental entity to be valid for transacting business online with state agencies and political
             149      subdivisions;
             150          (ii) requiring any certification authority from which the digital certificates are acquired to
             151      be licensed in the state pursuant to Title 46, Chapter 3, Utah Digital Signature Act;


             152          (iii) providing for the security of the information in the repository, including who is
             153      permitted access to the information; and
             154          (iv) indicating the appropriate use and retention of the information in the repository;
             155          (b) assist governmental entities desiring to transact business with citizens electronically
             156      to develop programs using digital certificates; and
             157          (c) designate the state repository pursuant to Section 46-3-601 .
             158           h [ Section 4. Appropriation.
             159          (1) For fiscal year 2000-01 only, there is appropriated from the General Fund $40,000 to
             160      the office of the chief information officer.
             161          (2) It is the intent of the Legislature that the chief information officer shall transfer this
             162      money to the agency designated pursuant to Sections 46-3-601 and 63D-1-301.5 to create or
             163      maintain the state repository for appropriate information relating to the issuance of digital
             164      certificates
.] h





Legislative Review Note
    as of 2-8-00 12:45 PM


A limited legal review of this legislation raises no obvious constitutional or statutory concerns.

Office of Legislative Research and General Counsel


[Bill Documents][Bills Directory]