Chief Sponsor: Jacob L. Anderegg

House Sponsor: Adam Robertson


8     General Description:
9          This bill amends provisions related to the Department of Technology Services'
10     development and implementation of the single sign-on citizen portal.
11     Highlighted Provisions:
12          This bill:
13          ▸     requires the Department of Technology Services to incorporate standard identifiers
14     for businesses and individuals using the single sign-on citizen portal in the
15     department's efforts to standardize data elements;
16          ▸     requires that standard identifiers be in compliance with the department's state
17     information architecture, and:
18               •     increase the security of digital identities for the state's citizens;
19               •     prioritize the privacy of personally identifiable information for the state's
20     citizens;
21               •     improve data sharing between executive branch agencies; and
22               •     improve access to information and services for the state's citizens; and
23          ▸     provides appropriations for the use and support of the chief information officer's
24     duties as they relate to the single sign-on citizen portal.
25     Money Appropriated in this Bill:
26          This bill appropriates in fiscal year 2021:
27          ▸     to the Department of Technology Services -- Chief Information Officer, as a

28     one-time appropriation:
29               •     from the General Fund, One-time, $750,000.
30     Other Special Clauses:
31          None
32     Utah Code Sections Affected:
33     AMENDS:
34          63F-1-104, as last amended by Laws of Utah 2019, Chapters 61, 143, and 144
35          63F-3-104, as last amended by Laws of Utah 2019, Chapter 174

37     Be it enacted by the Legislature of the state of Utah:
38          Section 1. Section 63F-1-104 is amended to read:
39          63F-1-104. Purposes.
40          The department shall:
41          (1) lead state executive branch agency efforts to establish and reengineer the state's
42     information technology architecture with the goal of coordinating central and individual agency
43     information technology in a manner that:
44          (a) ensures compliance with the executive branch agency strategic plan; and
45          (b) ensures that cost-effective, efficient information and communication systems and
46     resources are being used by agencies to:
47          (i) reduce data, hardware, and software redundancy;
48          (ii) improve system interoperability and data accessibility between agencies; and
49          (iii) meet the agency's and user's business and service needs;
50          (2) coordinate an executive branch strategic plan for all agencies;
51          (3) develop and implement processes to replicate information technology best practices
52     and standards throughout the executive branch;
53          (4) at least once every odd-numbered year:
54          (a) evaluate the adequacy of the department's and the executive branch agencies' data
55     and information technology system security standards through an independent third party
56     assessment; and
57          (b) communicate the results of the independent third party assessment to the
58     appropriate executive branch agencies and to the president of the Senate and the speaker of the

59     House of Representatives;
60          (5) oversee the expanded use and implementation of project and contract management
61     principles as they relate to information technology projects within the executive branch;
62          (6) serve as general contractor between the state's information technology users and
63     private sector providers of information technology products and services;
64          (7) work toward building stronger partnering relationships with providers;
65          (8) develop service level agreements with executive branch departments and agencies
66     to ensure quality products and services are delivered on schedule and within budget;
67          (9) develop standards for application development including a standard methodology
68     and cost-benefit analysis that all agencies shall utilize for application development activities;
69          (10) determine and implement statewide efforts to standardize data elements[;],
70     including standard identifiers:
71          (a) for businesses and individuals using the single sign-on citizen portal described in
72     Section 63F-3-103.5;
73          (b) in compliance with the department's state information architecture; and
74          (c) that:
75          (i) increase the security of digital identities for the state's citizens;
76          (ii) prioritize the privacy of personally identifiable information, as defined in Section
77     63D-2-102, for the state's citizens;
78          (iii) improve data sharing between executive branch agencies; and
79          (iv) improve access to information and services for the state's citizens as described in
80     Section 63F-3-103.5;
81          (11) coordinate with executive branch agencies to provide basic website standards for
82     agencies that address common design standards and navigation standards, including:
83          (a) accessibility for individuals with disabilities in accordance with:
84          (i) the standards of 29 U.S.C. Sec. 794d; and
85          (ii) Section 63F-1-210;
86          (b) consistency with standardized government security standards;
87          (c) designing around user needs with data-driven analysis influencing management and
88     development decisions, using qualitative and quantitative data to determine user goals, needs,
89     and behaviors, and continual testing of the website, web-based form, web-based application, or

90     digital service to ensure that user needs are addressed;
91          (d) providing users of the website, web-based form, web-based application, or digital
92     service with the option for a more customized digital experience that allows users to complete
93     digital transactions in an efficient and accurate manner; and
94          (e) full functionality and usability on common mobile devices;
95          (12) consider, when making a purchase for an information system, cloud computing
96     service options, including any security benefits, privacy, data retention risks, and cost savings
97     associated with purchasing a cloud computing service option;
98          (13) develop systems and methodologies to review, evaluate, and prioritize existing
99     information technology projects within the executive branch and report to the governor and the
100     Public Utilities, Energy, and Technology Interim Committee in accordance with Section
101     63F-1-201 on a semiannual basis regarding the status of information technology projects;
102          (14) assist the Governor's Office of Management and Budget with the development of
103     information technology budgets for agencies; and
104          (15) ensure that any training or certification required of a public official or public
105     employee, as those terms are defined in Section 63G-22-102, complies with Title 63G, Chapter
106     22, State Training and Certification Requirements, if the training or certification is required:
107          (a) under this title;
108          (b) by the department; or
109          (c) by an agency or division within the department.
110          Section 2. Section 63F-3-104 is amended to read:
111          63F-3-104. Report.
112          (1) The department shall report:
113          (a) to the Public Utilities, Energy, and Technology Interim Committee before
114     November 30 of each year regarding:
115          [(a)] (i) the progress the department has made in developing the single sign-on business
116     portal and the single sign-on citizen portal and, once that development is complete, regarding
117     the operation of the single sign-on business portal and the single sign-on citizen portal;
118          [(b)] (ii) the department's goals and plan for each of the next five years to fulfill the
119     department's responsibilities described in this part; and
120          [(c)] (iii) whether the department recommends any change to the single sign-on fee

121     being charged under Section 13-1-2[.]; and
122          (b) by October 1, 2020, to the Infrastructure and General Government Appropriations
123     Subcommittee regarding the department's progress in determining and implementing standard
124     identifiers for businesses and individuals under Subsection 63F-1-104(10).
125          (2) The Public Utilities, Energy, and Technology Interim Committee shall annually:
126          (a) review the single sign-on fee being charged under Section 13-1-2;
127          (b) determine whether the revenue from the single sign-on fee is adequate for designing
128     and developing and then, once developed, operating and maintaining the single sign-on web
129     portal; and
130          (c) make any recommendation to the Legislature that the committee considers
131     appropriate concerning:
132          (i) the single sign-on fee; and
133          (ii) the development or operation of the single sign-on business portal and the single
134     sign-on citizen portal.
135          Section 3. Appropriation.
136          The following sums of money are appropriated for the fiscal year beginning July 1,
137     2020, and ending June 30, 2021. These are additions to amounts previously appropriated for
138     fiscal year 2021. Under the terms and conditions of Title 63J, Chapter 1, Budgetary Procedures
139     Act, the Legislature appropriates the following sums of money from the funds or accounts
140     indicated for the use and support of the government of the state of Utah.
141     ITEM 1
142          To Department of Technology Services -- Chief Information Officer
143               From General Fund, One-time

144               Schedule of Programs:
145                    Chief Information Officer               $750,000
146          The Legislature intends that the appropriation in this item be used solely for the purpose
147     of implementing the single sign-on citizen portal, and that under terms of Subsection
148     63J-1-603(3)(a), the appropriation provided for the chief information officer in this item shall
149     not lapse at the close of fiscal year 2021.