1     
DATA SECURITY MANAGEMENT

2     
2017 GENERAL SESSION

3     
STATE OF UTAH

4     
Chief Sponsor: Robert M. Spendlove

5     
Senate Sponsor: D. Gregg Buxton

6     

7     LONG TITLE
8     General Description:
9          This bill amends provisions related to executive branch agency information security
10     technology.
11     Highlighted Provisions:
12          This bill:
13          ▸     requires the Department of Technology Services to assess each executive branch
14     agency's information security technology; and
15          ▸     requires the Department of Technology Services to develop recommendations to
16     address the results of the assessment and make recommendations to the Legislature.
17     Money Appropriated in this Bill:
18          None
19     Other Special Clauses:
20          None
21     Utah Code Sections Affected:
22     ENACTS:
23          63F-1-901, Utah Code Annotated 1953
24          63F-1-902, Utah Code Annotated 1953
25     

26     Be it enacted by the Legislature of the state of Utah:
27          Section 1. Section 63F-1-901 is enacted to read:
28     
Part 9. Executive Branch Agency Data Security

29          63F-1-901. Title.

30          This part is known as "Executive Branch Agency Data Security."
31          Section 2. Section 63F-1-902 is enacted to read:
32          63F-1-902. Executive branch agencies -- Data security review -- Report to
33     Legislature.
34          (1) As used in this section:
35          (a) "Restricted data" means data that, if disclosed, altered, or destroyed, would cause a
36     significant harm to the state or the state's data partners.
37          (b) "Restricted data" includes data protected by a state regulation or by a confidentiality
38     agreement.
39          (2) On or before December 31, 2017, the department shall assess each executive
40     branch agency with restricted data to determine if the executive branch agency's information
41     security technology requires the use of digital rights management technology to continuously
42     monitor documents stored by the department.
43          (3) Before April 18, 2018, the department shall:
44          (a) develop recommendations to address the findings of the assessment described in
45     Subsection (2); and
46          (b) report the recommendations described in Subsection (3)(a) to the Public Utilities,
47     Energy, and Technology Interim Committee.