1
2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill establishes requirements related to the Office of the Legislative Auditor
10 General.
11 Highlighted Provisions:
12 This bill:
13 ▸ defines terms;
14 ▸ requires the chief officer of an entity that the Office of the Legislative Auditor
15 General (OLAG) audits to prepare a written audit response plan addressing each
16 recommendation in OLAG's audit report;
17 ▸ requires OLAG to attach the audit response plan described above to the audit report;
18 ▸ vests the legislator auditor general with discretion to prepare a written reply to an
19 audit response plan;
20 ▸ in certain circumstances, instructs the chief officer described above to update the
21 audit response plan on a semi-annual basis and to submit the update to:
22 • the legislative committee designated by the Audit Subcommittee; and
23 • the legislative auditor general;
24 ▸ provides that the chief officer's obligation to update an audit response plan
25 terminates when OLAG reports to the Audit Subcommittee that the chief officer has
26 fully implemented each recommendation in the audit report;
27 ▸ clarifies the Audit Subcommittee's and OLAG's responsibilities in relation to an
28 entity that fails to implement a recommendation included in a previous audit report;
29 ▸ grants OLAG the authority to annually perform a systemic performance audit of one
30 or more institutions of higher education or independent entities;
31 ▸ requires OLAG to evaluate an institution of higher education's admissions practices
32 in conducting an audit described above;
33 ▸ clarifies that OLAG's request for data and materials from the Utah Data Research
34 Center (UDRC) in connection with an audit of an entity is not a data research
35 request or request for a data set;
36 ▸ in connection with OLAG's audit of an entity:
37 • requires the UDRC to provide OLAG with data and materials that is not
38 de-identified; and
39 • prohibits the UDRC from charging OLAG a fee for completing a request for
40 data and materials; and
41 ▸ makes technical and conforming changes.
42 Money Appropriated in this Bill:
43 None
44 Other Special Clauses:
45 None
46 Utah Code Sections Affected:
47 AMENDS:
48 36-12-8, as last amended by Laws of Utah 2016, Chapter 403
49 36-12-15, as last amended by Laws of Utah 2023, Chapter 21
50 36-12-15.1, as last amended by Laws of Utah 2023, Chapter 21
51 53B-33-101, as last amended by Laws of Utah 2023, Chapter 84
52 53B-33-301, as last amended by Laws of Utah 2023, Chapter 21
53 ENACTS:
54 36-12-15.3, Utah Code Annotated 1953
55
56 Be it enacted by the Legislature of the state of Utah:
57 Section 1. Section 36-12-8 is amended to read:
58 36-12-8. Legislative Management Committee -- Research and General Counsel
59 Subcommittee -- Budget Subcommittee -- Audit Subcommittee -- Duties -- Members --
60 Meetings.
61 (1) There are created within the Legislative Management Committee:
62 (a) the Research and General Counsel Subcommittee;
63 (b) the Budget Subcommittee; and
64 (c) the Audit Subcommittee.
65 (2) (a) The Research and General Counsel Subcommittee, comprising six members,
66 shall recommend to the Legislative Management Committee a person or persons to hold the
67 positions of director of the Office of Legislative Research and General Counsel and legislative
68 general counsel.
69 (b) The Budget Subcommittee, comprising six members, shall recommend to the
70 Legislative Management Committee a person to hold the position of legislative fiscal analyst.
71 (c) The Audit Subcommittee shall comprise:
72 (i) the president, majority leader, and minority leader of the Senate; and
73 (ii) the speaker, majority leader, and minority leader of the House of Representatives.
74 (d) The Audit Subcommittee shall:
75 (i) recommend to the Legislative Management Committee a person to hold the position
76 of legislative auditor general; and
77 (ii) (A) review all requests for audits;
78 (B) prioritize those requests;
79 (C) hear all audit reports and refer those reports to other legislative committees for
80 their further review and action as appropriate; and
81 (D) when notified by the legislative auditor general [
82 audit has found that an entity has not implemented a previous audit recommendation, refer the
83 audit report to an appropriate legislative committee and also ensure that an appropriate
84 legislative committee conducts a review of the entity that has not implemented the previous
85 audit recommendation.
86 (3) The members of each subcommittee of the Legislative Management Committee,
87 other than the Audit Subcommittee, shall have equal representation from each major political
88 party and shall be appointed from the membership of the Legislative Management Committee
89 by an appointments committee comprised of the speaker and the minority leader of the House
90 of Representatives and the president and the minority leader of the Senate.
91 (4) Each subcommittee of the Legislative Management Committee:
92 (a) shall meet as often as necessary to perform its duties; and
93 (b) may meet during and between legislative sessions.
94 Section 2. Section 36-12-15 is amended to read:
95 36-12-15. Office of the Legislative Auditor General established -- Qualifications --
96 Powers, functions, and duties -- Reporting -- Criminal penalty -- Employment.
97 (1) As used in this section:
98 (a) "Audit action" means an audit, examination, investigation, or review of an entity
99 conducted by the office.
100 [
101 (i) a government organization; or
102 (ii) a receiving organization.
103 [
104 (i) a state branch, department, or agency; or
105 (ii) a political subdivision, including a county, municipality, special district, special
106 service district, school district, interlocal entity as defined in Section 11-13-103, or any other
107 local government unit.
108 (d) "Office" means the Office of the Legislative Auditor General.
109 [
110 is not a government organization.
111 (2) There is created the Office of the Legislative Auditor General as a permanent staff
112 office for the Legislature.
113 (3) The legislative auditor general shall be a licensed certified public accountant or
114 certified internal auditor with at least seven years of experience in the auditing or public
115 accounting profession, or the equivalent, prior to appointment.
116 (4) The legislative auditor general shall appoint and develop a professional staff within
117 budget limitations.
118 (5) The [
119 constitutional authority provided in Utah Constitution, Article VI, Section 33.
120 (6) Under the direction of the legislative auditor general, the [
121
122 (a) conduct comprehensive and special purpose audits, examinations, investigations, or
123 reviews of entity funds, functions, and accounts;
124 (b) prepare and submit a written report on each [
125
126 available to all members of the Legislature within 75 days after the [
127
128 (c) monitor, conduct a risk assessment of, or audit any efficiency evaluations that the
129 legislative auditor general determines necessary, in accordance with Title 63J, Chapter 1, Part
130 9, Government Performance Reporting and Efficiency Process, and legislative rule;
131 (d) create, manage, and report to the Audit Subcommittee a list of high risk programs
132 and operations that:
133 (i) threaten public funds or programs;
134 (ii) are vulnerable to inefficiency, waste, fraud, abuse, or mismanagement; or
135 (iii) require transformation;
136 (e) monitor and report to the Audit Subcommittee the health of a government
137 organization's internal audit functions;
138 (f) make recommendations to increase the independence and value added of internal
139 audit functions throughout the state;
140 (g) implement a process to track, monitor, and report whether the subject of an audit
141 has implemented recommendations made in the audit report;
142 (h) establish, train, and maintain individuals within the office to conduct investigations
143 and represent themselves as lawful investigators on behalf of the office;
144 (i) establish policies, procedures, methods, and standards of audit work and
145 investigations for the office and staff;
146 (j) prepare and submit each audit and investigative report independent of any influence
147 external of the office, including the content of the report, the conclusions reached in the report,
148 and the manner of disclosing the legislative auditor general's findings;
149 (k) prepare and submit the annual budget request for the office; and
150 (l) perform other duties as prescribed by the Legislature.
151 (7) In conducting an [
152 entity, the [
153 any or all of the following:
154 (a) the honesty and integrity of any of the entity's fiscal affairs;
155 (b) the accuracy and reliability of the entity's internal control systems and specific
156 financial statements and reports;
157 (c) whether or not the entity's financial controls are adequate and effective to properly
158 record and safeguard the entity's acquisition, custody, use, and accounting of public funds;
159 (d) whether the entity's administrators have complied with legislative intent;
160 (e) whether the entity's operations have been conducted in an efficient, effective, and
161 cost efficient manner;
162 (f) whether the entity's programs have been effective in accomplishing intended
163 objectives; and
164 (g) whether the entity's management control and information systems are adequate and
165 effective.
166 (8) (a) If requested by the [
167 entity that the legislative auditor general is authorized to audit under Utah Constitution,
168 Article VI, Section 33, or this section shall, notwithstanding any other provision of law except
169 as provided in Subsection (8)(b), provide the office with access to information, materials, or
170 resources the office determines are necessary to conduct an audit, examination, investigation,
171 or review, including:
172 (i) the following in the possession or custody of the entity in the format identified by
173 the office:
174 (A) a record, document, and report; and
175 (B) films, tapes, recordings, and electronically stored information;
176 (ii) entity personnel; and
177 (iii) each official or unofficial recording of formal or informal meetings or
178 conversations to which the entity has access.
179 (b) To the extent compliance would violate federal law, the requirements of Subsection
180 (8)(a) do not apply.
181 (9) (a) In carrying out the duties provided for in this section and under Utah
182 Constitution, Article VI, Section 33, the legislative auditor general may issue a subpoena to
183 access information, materials, or resources in accordance with Chapter 14, Legislative
184 Subpoena Powers.
185 (b) The legislative auditor general may issue a subpoena, as described in Subsection
186 (9)(a), to a financial institution or any other entity to obtain information as part of an
187 investigation of fraud, waste, or abuse, including any suspected malfeasance, misfeasance, or
188 nonfeasance involving public funds.
189 (10) To preserve the professional integrity and independence of the office:
190 (a) no legislator or public official may urge the appointment of any person to the office;
191 and
192 (b) the legislative auditor general may not be appointed to serve on any board,
193 authority, commission, or other agency of the state during the legislative auditor general's term
194 as legislative auditor general.
195 (11) (a) The following records in the custody or control of the legislative auditor
196 general are protected records under Title 63G, Chapter 2, Government Records Access and
197 Management Act:
198 (i) records and audit work papers that would disclose information relating to
199 allegations of personal misconduct, gross mismanagement, or illegal activity of a past or
200 present governmental employee if the information or allegation cannot be corroborated by the
201 legislative auditor general through other documents or evidence, and the records relating to the
202 allegation are not relied upon by the legislative auditor general in preparing a final audit report;
203 (ii) records and audit workpapers that would disclose the identity of a person who,
204 during the course of a legislative audit, communicated the existence of:
205 (A) unethical behavior;
206 (B) waste of public funds, property, or personnel; or
207 (C) a violation or suspected violation of a United States, Utah state, or political
208 subdivision law, rule, ordinance, or regulation, if the person disclosed on the condition that the
209 identity of the person be protected;
210 (iii) before an audit is completed and the final audit report is released, records or drafts
211 circulated to a person who is not an employee or head of an entity for review, response, or
212 information;
213 (iv) records that would disclose:
214 (A) an outline;
215 (B) all or part of an audit survey, audit risk assessment plan, or audit program; or
216 (C) other procedural documents necessary to fulfill the duties of the office; and
217 (v) requests for audits, if disclosure would risk circumvention of an audit.
218 (b) The provisions of Subsection (11)(a) do not prohibit the disclosure of records or
219 information to a government prosecutor or peace officer if those records or information relate
220 to a violation of the law by an entity or entity employee.
221 (c) A record, as defined in Section 63G-2-103, created by the [
222
223 (i) is a protected record, as defined in Section 63G-2-103;
224 (ii) to the extent the record contains information:
225 (A) described in Section 63G-2-302, is a private record; or
226 (B) described in Section 63G-2-304, is a controlled record; and
227 (iii) may not be reclassified by the office.
228 (d) The provisions of this section do not limit the authority otherwise given to the
229 legislative auditor general to maintain the private, controlled, or protected record status of a
230 shared record in the legislative auditor general's possession or classify a document as public,
231 private, controlled, or protected under Title 63G, Chapter 2, Government Records Access and
232 Management Act.
233 (12) The legislative auditor general shall:
234 (a) be available to the Legislature and to the Legislature's committees for consultation
235 on matters relevant to areas of the legislative auditor general's professional competence;
236 (b) conduct special audits as requested by the Audit Subcommittee;
237 (c) report immediately to the Audit Subcommittee any apparent violation of penal
238 statutes disclosed by the audit of an entity and furnish to the Audit Subcommittee all
239 information relative to the apparent violation;
240 (d) report immediately to the Audit Subcommittee any apparent instances of
241 malfeasance or nonfeasance by an entity officer or employee disclosed by the audit of an entity;
242 and
243 (e) make any recommendations to the Audit Subcommittee with respect to the
244 alteration or improvement of the accounting system used by an entity.
245 (13) If the legislative auditor general conducts an audit of an entity that has previously
246 been audited and finds that the entity has not implemented a recommendation made by the
247 legislative auditor general in a previous audit report, the legislative auditor general shall[
248
249 recommendation.
250 [
251
252 [
253
254
255 (14) Before each annual general session, the legislative auditor general shall:
256 (a) prepare an annual report that:
257 (i) summarizes the audits, examinations, investigations, and reviews conducted by the
258 office since the last annual report; and
259 (ii) evaluate and report the degree to which an entity that has been the subject of an
260 audit has implemented the audit recommendations;
261 (b) include in the report any items and recommendations that the legislative auditor
262 general believes the Legislature should consider in the annual general session; and
263 (c) deliver the report to the Legislature and to the appropriate committees of the
264 Legislature.
265 (15) (a) If the chief officer of an entity has actual knowledge or reasonable cause to
266 believe that there is misappropriation of the entity's public funds or assets, or another entity
267 officer has actual knowledge or reasonable cause to believe that the chief officer is
268 misappropriating the entity's public funds or assets, the chief officer or, alternatively, the other
269 entity officer, shall immediately notify, in writing:
270 (i) the [
271 (ii) the attorney general, county attorney, or district attorney; and
272 (iii) (A) for a state government organization, the chief executive officer;
273 (B) for a political subdivision government organization, the legislative body or
274 governing board; or
275 (C) for a receiving organization, the governing board or chief executive officer unless
276 the chief executive officer is believed to be misappropriating the funds or assets, in which case
277 the next highest officer of the receiving organization.
278 (b) As described in Subsection (15)(a), the entity chief officer or, if applicable, another
279 entity officer, is subject to the protections of Title 67, Chapter 21, Utah Protection of Public
280 Employees Act.
281 (c) If the Office of the Legislative Auditor General receives a notification under
282 Subsection (15)(a) or other information of misappropriation of public funds or assets of an
283 entity, the office shall inform the Audit Subcommittee.
284 (d) The attorney general, county attorney, or district attorney shall notify, in writing,
285 the Office of the Legislative Auditor General whether the attorney general, county attorney, or
286 district attorney pursued criminal or civil sanctions in the matter.
287 (16) (a) An actor commits interference with a legislative audit if the actor uses force,
288 violence, intimidation, or engages in any other unlawful act with a purpose to interfere with:
289 (i) a legislative [
290
291 (ii) the [
292 (A) the content of the office's report;
293 (B) the conclusions reached in the office's report; or
294 (C) the manner of disclosing the results and findings of the office.
295 (b) A violation of Subsection (16)(a) is a class B misdemeanor.
296 (17) (a) [
297 office may require any current employee, or any applicant for employment, to submit to a
298 fingerprint-based local, regional, and criminal history background check as an ongoing
299 condition of employment.
300 (b) An employee or applicant for employment shall provide a completed fingerprint
301 card to the office upon request.
302 (c) The [
303 individual required to submit to a background check under this Subsection (17) also provide a
304 signed waiver on a form provided by the office that meets the requirements of Subsection
305 53-10-108(4).
306 (d) For a noncriminal justice background search and registration in accordance with
307 Subsection 53-10-108(13), the office shall submit to the Bureau of Criminal Identification:
308 (i) the employee's or applicant's personal identifying information and fingerprints for a
309 criminal history search of applicable local, regional, and national databases; and
310 (ii) a request for all information received as a result of the local, regional, and
311 nationwide background check.
312 Section 3. Section 36-12-15.1 is amended to read:
313 36-12-15.1. Systemic performance audits.
314 (1) As used in this section, "entity" means:
315 (a) an entity in the executive branch that receives an ongoing line item appropriation in
316 an appropriations act; and
317 (b) any local education agency, as defined in Section 53E-1-102, that receives public
318 funds.
319 (2) (a) Each year, subject to the availability of work capacity and the discretion of the
320 Audit Subcommittee created in Section 36-12-8, the Office of the Legislative Auditor General
321 may, in addition to other audits performed by the office, perform[
322 audit of:
323 (i) [
324 (ii) [
325 (iii) one or more institutions of higher education; and
326 (iv) one or more independent entities.
327 (b) An audit performed under Subsection (2)(a) shall, as is appropriate for each
328 individual audit:
329 (i) evaluate the extent to which the entity has efficiently and effectively used the
330 appropriation by identifying:
331 (A) the entity's appropriation history;
332 (B) the entity's spending and efficiency history; and
333 (C) historic trends in the entity's operational performance effectiveness;
334 (ii) evaluate whether the entity's size and operation are commensurate with the entity's
335 spending history;
336 (iii) evaluate whether the entity is diligent in its stewardship of resources;
337 (iv) provide a systemic performance audit of the entity's operations performance
338 improvements;
339 (v) if possible, incorporate the audit methodology of other audits performed by the
340 Office of the Legislative Auditor General; and
341 (vi) be conducted according to the process established for the Audit Subcommittee.
342 (c) In conducting an audit of an institution of higher education under Subsection
343 (2)(a)(iii), the Office of the Legislator Auditor General shall, in addition to the subjects of
344 evaluation described in Subsection (2)(b), review the institution's admissions practices for:
345 (i) compliance with applicable laws, rules, and policies;
346 (ii) best practices; and
347 (iii) efficiency and effectiveness.
348 [
349 Subcommittee shall make the audit report available to:
350 (i) each member of the Senate and the House of Representatives; and
351 (ii) the governor or the governor's designee.
352 [
353 (i) summarize the findings of an audit described in Subsection (2)(a); and
354 (ii) provide a copy of each audit report and the annual report to the legislative fiscal
355 analyst and director of the Office of Legislative Research and General Counsel as soon as each
356 report is completed.
357 (3) The Office of the Legislative Auditor General may consult with the Office of the
358 Legislative Fiscal Analyst or the Office of Legislative Research and General Counsel in
359 preparing the summary required by Subsection (2)(d).
360 (4) The Legislature, in evaluating an entity's request for an increase in its base budget,
361 shall:
362 (a) review the audit report required by this section and any relevant audits; and
363 (b) consider the entity's request for an increase in its base budget in light of the entity's
364 prior history of savings and efficiencies as evidenced by the audit report required by this
365 section.
366 Section 4. Section 36-12-15.3 is enacted to read:
367 36-12-15.3. Response to audit -- Chief officer -- Entity reporting requirements --
368 Audit response plan -- Semi-annual update.
369 (1) As used in this section:
370 (a) "Alternative action" means a process, practice, or procedure that an entity
371 implements in response to an audit report that is different from the process, practice, or
372 procedure described in a recommendation.
373 (b) "Audit report" means a written report that the office issues that contains the office's
374 findings and recommendations with respect to an audit of an entity.
375 (c) "Audit response plan" means a written document that an entity issues that contains
376 the entity's response to an audit report of the entity.
377 (d) "Audit Subcommittee" means the subcommittee created in Subsection
378 36-12-8(1)(c).
379 (e) "Chief officer" means the individual who holds ultimate authority over the
380 management or governance of an entity.
381 (f) "Entity" means:
382 (i) the same as that term is defined in Subsection 36-12-15(1); or
383 (ii) any other person that the office is authorized to audit under any other provision of
384 law.
385 (g) "Legislative committee" means the committee to which the Audit Subcommittee
386 refers an audit report under Subsection 36-12-8(2)(d)(ii)(C).
387 (h) "Office" means the Office of the Legislative Auditor General.
388 (i) "Recommendation" means a process, practice, or procedure described in an audit
389 report that the office proposes an entity implement.
390 (j) "Reply" means a written document that the office issues that contains the office's
391 response to an entity's audit response plan.
392 (2) In addition to any other information that the office is required to include or attach to
393 an audit report, the office shall, for each audit report the office issues:
394 (a) include in the audit report:
395 (i) the identity of the chief officer; and
396 (ii) a notice to the chief officer that the chief officer must comply with the reporting
397 requirements described in this section; and
398 (b) attach to the audit report:
399 (i) the audit response plan of the entity that is the subject of the audit report; and
400 (ii) at the discretion of the legislative auditor general, a reply to the entity's audit
401 response plan.
402 (3) The chief officer of an entity that is the subject of an audit report shall:
403 (a) prepare an audit response plan that:
404 (i) is in writing;
405 (ii) responds to the findings in the audit report; and
406 (iii) subject to Subsection (4), for each recommendation in the audit report:
407 (A) describes how the entity will implement the recommendation;
408 (B) identifies the individual employed by or otherwise affiliated with the entity who is
409 responsible for implementing the recommendation;
410 (C) establishes a timetable that identifies benchmarks for the entity to implement the
411 recommendation; and
412 (D) specifies an anticipated deadline by which the entity will fully implement the
413 recommendation; and
414 (b) submit the audit response plan to the office before the office submits the audit
415 report to the Audit Subcommittee under Subsection 36-12-15(6)(b).
416 (4) If the chief officer described in Subsection (3) objects to implementing a
417 recommendation in an audit report, the chief officer shall:
418 (a) prepare an audit response plan in accordance with Subsections (3)(a)(i) and (ii) that:
419 (i) explains the basis for the objection; and
420 (ii) (A) identifies an alternative action that the entity will implement; or
421 (B) specifies that the entity will not implement the recommendation or an alternative
422 action; and
423 (b) comply with submission requirements described in Subsection (3)(b).
424 (5) A chief officer implementing an alternative action under Subsection (4)(a)(ii)(A)
425 shall, as it relates to the alternative action, include in the audit response plan the information
426 described in Subsection (3)(a)(iii).
427 (6) Subject to Subsection (8), if the chief officer of an entity that is the subject of an
428 audit report implements a recommendation under Subsection (3)(a)(iii), or an alternative action
429 under Subsections (4)(a)(ii)(A) and (5), the chief officer shall, no later than 180 days after the
430 day on which the Audit Subcommittee refers the audit report to a legislative committee:
431 (a) prepare an update to the entity's audit response plan that:
432 (i) is in writing; and
433 (ii) describes the entity's progress towards fully implementing:
434 (A) each recommendation addressed in the entity's audit response plan under
435 Subsection (3)(a)(iii); or
436 (B) each alternative action addressed in the entity's audit response plan under
437 Subsections (4)(a)(ii)(A) and (5); and
438 (b) submit the update to the legislative committee and the legislative auditor general.
439 (7) Subject to Subsection (8), after the chief officer described in Subsection (6)
440 complies with the submission requirements described in Subsection (6)(b), the chief officer
441 shall:
442 (a) continue to update the audit response plan in accordance with Subsection (6)(a);
443 and
444 (b) submit the update to the legislative committee and the legislative auditor general at
445 least semi-annually.
446 (8) A chief officer's obligation to update an audit response plan under this section
447 terminates when the legislative auditor general reports to the Audit Subcommittee that the
448 entity which is the subject of the audit report has fully implemented:
449 (a) each recommendation addressed in the entity's audit response plan under
450 Subsection (3)(a)(iii); or
451 (b) each alternative action addressed in the entity's audit response plan under
452 Subsections (4)(a)(ii)(A) and (5).
453 Section 5. Section 53B-33-101 is amended to read:
454 53B-33-101. Definitions.
455 As used in this chapter:
456 (1) "Advisory board" means the Utah Data Research Advisory Board created in Section
457 53B-33-202.
458 (2) "Center" means the Utah Data Research Center created in Section 53B-33-201.
459 (3) "Data" means any information about a person stored in a physical or electronic
460 record.
461 (4) "Data research program" means the data maintained by the center in accordance
462 with Section 53B-33-301.
463 (5) "De-identified data" means data about a person that cannot, without additional
464 information, identify the person to another person or machine.
465 (6) "Director" means the director of the Utah Data Research Center created in Section
466 53B-33-201.
467 (7) "Institution of higher education" means an institution of higher education described
468 in Section 53B-1-102.
469 (8) "Office" means the Office of the Legislative Auditor General created in Section
470 36-12-15.
471 [
472 (a) the State Board of Education, which includes the director as defined in Section
473 53E-10-701;
474 (b) the board;
475 (c) the Department of Workforce Services;
476 (d) the Department of Health and Human Services; and
477 (e) the Department of Commerce.
478 [
479 53E-4-308.
480 Section 6. Section 53B-33-301 is amended to read:
481 53B-33-301. Data research program.
482 (1) The center shall establish a data research program for the purpose of analyzing data
483 that is:
484 (a) collected over time;
485 (b) aggregated from multiple sources; and
486 (c) connected and de-identified.
487 (2) The center may, in order to establish the data research program described in
488 Subsection (1):
489 (a) acquire property or equipment in order to store aggregated, connected, and
490 de-identified data derived from data contributed by the participating entities; or
491 (b) contract with a private entity in accordance with Title 63G, Chapter 6a, Utah
492 Procurement Code, or with a state government entity to:
493 (i) store aggregated, connected, and de-identified data derived from data contributed by
494 the participating entities; or
495 (ii) utilize existing aggregated, connected, and de-identified data maintained by a state
496 government entity.
497 (3) A participating entity shall contribute data to the data research program described in
498 Subsection (1) within guidelines established by the center.
499 (4) The center may only release data maintained by the center in accordance with the
500 procedures described in this chapter.
501 (5) The center shall:
502 (a) as directed by the board, serve as a repository in the state of data from institutions
503 of higher education;
504 (b) collaborate with the board and the State Board of Education to coordinate access to
505 the unique student identifier of a public education student who later attends an institution of
506 higher education in accordance with Sections 53B-1-109 and 53E-4-308;
507 (c) develop, establish, and maintain programs that promote access to data from
508 institutions of higher education;
509 (d) identify initiatives that leverage education data that will improve a state citizen's
510 ability to:
511 (i) access services at an institution of higher education; or
512 (ii) graduate with a postsecondary certificate or degree; and
513 (e) perform all other duties provided in this chapter.
514 (6) The director shall identify the resources necessary to successfully implement
515 initiatives described in Subsection (5)(d), in accordance with Section 53B-7-101.
516 (7) The center may:
517 (a) employ staff necessary to carry out the center's duties;
518 (b) purchase, own, create, or maintain equipment necessary to:
519 (i) collect data from the participating entities;
520 (ii) connect and de-identify data collected by the center;
521 (iii) store connected and de-identified data; or
522 (iv) conduct research on data stored or obtained by the center; or
523 (c) contract with a private entity, another state or federal entity, or a political
524 subdivision of the state to carry out the center's duties as provided in this chapter.
525 (8) The data research program is not subject to Title 63G, Chapter 2, Government
526 Records Access and Management Act.
527 (9) (a) The center:
528 [
529 shall, in connection with the office's audit of an entity, provide the office, at the office's
530 request, with access to all records, data, and other materials in possession of the center; and
531 [
532 accordance with Utah Constitution, Article VI, Section 33, and Section 36-12-15.
533 (b) The office's request for access to records, data, and other materials under
534 Subsection (9)(a)(i) is not:
535 (i) a data research request under Subsection 53B-33-302(3)(a) or (4); or
536 (ii) a request for a data set under Subsection 53B-33-302(10).
537 (c) The center, in complying with Subsection (9)(a)(i):
538 (i) shall, upon the office's request, provide the office with records, data, and other
539 materials that are not de-identified; and
540 (ii) may not charge the office a fee for completing the request.
541 Section 7. Effective date.
542 This bill takes effect on May 1, 2024.