Download Zipped Enrolled WP 8.0 SB0056.ZIP 9,111 Bytes
[Introduced][Amended][Status][Bill Documents][Fiscal Note][Bills Directory]
S.B. 56 Enrolled
AN ACT RELATING TO DIGITAL SIGNATURES AND THE CHIEF INFORMATION
OFFICER; PROVIDING FOR THE CREATION, MAINTENANCE, AND FUNDING OF A
CENTRAL REPOSITORY FOR INFORMATION RELATING TO THE ISSUANCE OF
DIGITAL CERTIFICATES BY GOVERNMENTAL ENTITIES; AUTHORIZING
GOVERNMENTAL ENTITIES, PARTICULARLY COUNTY CLERKS, TO PARTICIPATE
AND CHARGE FEES; AND ENUMERATING CHIEF INFORMATION OFFICER'S DUTIES.
This act affects sections of Utah Code Annotated 1953 as follows:
AMENDS:
63D-1-301.5, as last amended by Chapters 18 and 307, Laws of Utah 1999
ENACTS:
46-3-601, Utah Code Annotated 1953
46-3-602, Utah Code Annotated 1953
Be it enacted by the Legislature of the state of Utah:
Section 1. Section 46-3-601 is enacted to read:
46-3-601. Central repository for digital certificate information -- Fee.
(1) The chief information officer shall:
(a) designate an existing state repository or create a new repository that is a secure, central
repository for the maintenance of any appropriate information relating to the issuance of digital
certificates; and
(b) develop policies regarding the issuance of digital certificates by governmental entities
as provided in Section 63D-1-301.5 .
(2) Any participating governmental entity may charge a fee to cover administrative costs
and the fee required to be remitted to the state under Subsection (3).
(3) Of the fee collected by a participating governmental entity pursuant to Subsection (2),
a reasonable portion, as established by the chief information officer, shall be:
(a) remitted to the state agency maintaining the repository in Subsection (1)(a); and
(b) deposited in the General Fund as a dedicated credit for that state agency, to maintain the
repository and assist in the issuance of the digital certificates pursuant to this part and Section
63D-1-301.5 .
(4) Any money at the end of the fiscal year in excess of the dedicated credit required by
Subsection (3) shall lapse to the General Fund.
(5) Any state agency permitting the public to transact business with the state agency through
the use of a digital certificate may establish a transaction fee, pursuant to Section 63-38-3.2 , a portion
of which may be remitted to the licensed certification authority which issued the digital certificate
being used.
Section 2. Section 46-3-602 is enacted to read:
46-3-602. County clerk participation and fee authorization.
A county clerk may:
(1) participate in the issuance of digital certificates to citizens to facilitate electronic
transactions with governmental entities according to the digital certificate policy issued by the chief
information officer pursuant to Section 63D-1-301.5 ; and
(2) charge a fee for the service in Subsection (1), a portion of which shall be remitted to the
agency maintaining the state repository pursuant to Section 46-3-601 .
Section 3. Section 63D-1-301.5 is amended to read:
63D-1-301.5. Chief information officer -- Duties.
(1) The chief information officer shall:
(a) develop specific information technology objectives, policies, procedures, and standards
to guide the development of information systems within state government to achieve maximum
economy and quality while preserving optimum user flexibility, including:
(i) policies, standards, and procedures for appropriate interchange of information, optimum
service, and minimum costs;
(ii) policies for costing all information technology services performed by any state information
technology cost recovery center so that every cost recovery center charges its users a rate for services
that is both equitable and sufficient to recover all the costs of its operation, including the cost of
capital equipment and facilities;
(iii) policies governing coordination, cooperation, joint efforts, working relationships, and
cost accounting relative to the development and maintenance of information technology and
information systems; and
(iv) policies to ensure the protection of individual privacy and guarantee the exclusive control
to a user of its own data;
(b) coordinate the preparation of agency information technology plans within state
government, encompassing both short-term and long-term needs that support the agency's and the
state's strategic plans, including Utah Tomorrow;
(c) require each state agency to submit semiannually an agency information technology plan
containing the information required by Subsection (2) before the legislative session in which the
budget request will be heard and no later than the June 15 after the legislative session in which the
budget request was authorized to the chief information officer;
(d) upon receipt of a state agency's information technology plan:
(i) provide a complete copy of that plan to the director of the Division of Information
Technology Services;
(ii) review and approve or disapprove agency information technology plans to ensure that
these plans are the most economically viable and are the best solution to the agency's needs and the
state's needs; and
(iii) approve or disapprove of and coordinate the acquisition of information technology
equipment, telecommunications equipment, and related services for all agencies of state government;
(e) facilitate the implementation of agency plans;
(f) establish priorities in terms of both importance and time sequencing for the development
and implementation of information systems;
(g) monitor information systems development to promote maximum use of existing state
information resources;
(h) advise the governor on information technology policy and make recommendations to the
governor regarding requests for appropriations for information technology equipment and personnel;
(i) maintain liaison with the legislative and judicial branches, the Board of Regents, the State
Board of Education, local government, federal government, business and industry, and consumers
to promote cooperation and make recommendations regarding information resources;
(j) conduct performance audits of state information technology management, planning, and
the use of information technology resources and distribute copies of the audit reports as provided in
Subsection (3);
(k) prepare an annual report to the governor and to the Legislature's Public Utilities and
Technology Interim Committee and the Information Technology Commission that:
(i) summarizes the state's current and projected use of information technology; and
(ii) includes a description of major changes in state policy and a brief description of each state
agency's plan;
(l) inform each state entity of the requirements of Section 63D-1-105 ; [
(m) as permitted by law, coordinate the efforts of state government to provide services and
transactions through the Internet[
(n) designate an existing state repository or create a new repository that is secure and central
for the maintenance of any appropriate information relating to the issuance of digital certificates as
provided in Section 46-3-601 ; and
(o) develop a digital certificate policy pursuant to Subsection (6).
(2) (a) Each state agency information technology plan shall include information about planned
information technology objectives and expenditures for the next year in the level of detail and format
specified by the chief information officer.
(b) The plans in Subsection (2)(a) shall include the progress of each state agency toward
making the agency's services available on the Internet as provided in Section 63D-1-105 .
(3) (a) Upon completion of an audit report produced under authority of Subsection (1)(j),
the chief information officer shall:
(i) provide copies of all audit reports to:
(A) the agency audited;
(B) the governor;
(C) the Office of Legislative Fiscal Analyst;
(D) the Public Utilities and Technology Interim Committee; and
(E) the Information Technology Commission; and
(ii) present the performance audit findings to the Information Technology Policy and Strategy
Committee at their next meeting.
(b) Each state agency shall provide the chief information officer with complete access to all
information technology records, documents, and reports, including electronic, analog, or digital, when
requested for the purpose of a performance audit.
(4) The rate for services established by an information technology cost recovery center, and
reviewed by the chief information officer, may be lowered if the Legislature appropriates monies to
the cost recovery center for the specific purpose of lowering rates.
(5) (a) The chief information officer shall receive reports from the director of the Division
of Information Technology Services regarding the division's:
(i) budget;
(ii) strategic plans, including services the division is or plans to offer agencies;
(iii) major expenditure plans; and
(iv) any other items determined jointly by the executive director and the chief information
officer.
(b) The chief information officer shall have authority to approve or disapprove any of the
items listed in Subsection (5)(a).
(6) The chief information officer shall:
(a) develop a digital certificate policy which includes:
(i) indicating the level of identity verification necessary for digital certificates issued by any
governmental entity to be valid for transacting business online with state agencies and political
subdivisions;
(ii) requiring any certification authority from which the digital certificates are acquired to be
licensed in the state pursuant to Title 46, Chapter 3, Utah Digital Signature Act;
(iii) providing for the security of the information in the repository, including who is permitted
access to the information; and
(iv) indicating the appropriate use and retention of the information in the repository;
(b) assist governmental entities desiring to transact business with citizens electronically to
develop programs using digital certificates; and
(c) designate the state repository pursuant to Section 46-3-601 .
[Bill Documents][Bills Directory]