Download Zipped Introduced WP 8.0 SB0056.ZIP 12,537 Bytes
[Status][Bill Documents][Fiscal Note][Bills Directory]
S.B. 56
1
DIGITAL CERTIFICATES AND
2
IDENTIFICATION AMENDMENTS
3
2000 GENERAL SESSION
4
STATE OF UTAH
5
Sponsor: Scott N. Howell
6
AN ACT RELATING TO DIGITAL SIGNATURES AND THE CHIEF INFORMATION
7
OFFICER; PROVIDING FOR THE CREATION, MAINTENANCE, AND FUNDING OF A
8
CENTRAL REPOSITORY FOR INFORMATION RELATING TO THE ISSUANCE OF
9
DIGITAL CERTIFICATES BY GOVERNMENTAL ENTITIES; AUTHORIZING
10
GOVERNMENTAL ENTITIES, PARTICULARLY COUNTY CLERKS, TO PARTICIPATE
11
AND CHARGE FEES; ENUMERATING CHIEF INFORMATION OFFICER'S DUTIES; AND
12
PROVIDING AN APPROPRIATION OF $40,000 FOR FISCAL YEAR 2000-01 TO THE CHIEF
13
INFORMATION OFFICER.
14
This act affects sections of Utah Code Annotated 1953 as follows:
15
AMENDS:
16
63D-1-301.5, as last amended by Chapters 18 and 307, Laws of Utah 1999
17
ENACTS:
18
46-3-601, Utah Code Annotated 1953
19
46-3-602, Utah Code Annotated 1953
20
Be it enacted by the Legislature of the state of Utah:
21
Section 1.
Section
46-3-601
is enacted to read:
22
Part 6. Governmental Entity Participation
23
46-3-601. Central repository for digital certificate information -- Fee.
24
(1) The chief information officer shall:
25
(a) designate an existing state repository or create a new repository that is a secure, central
26
repository for the maintenance of any appropriate information relating to the issuance of digital
27
certificates; and
28
(b) develop policies regarding the issuance of digital certificates by governmental entities
29
as provided in Section
63D-1-301.5
.
30
(2) Any participating governmental entity may charge a fee to cover administrative costs
31
and the fee required to be remitted to the state under Subsection (3).
32
(3) Of the fee collected by a participating governmental entity pursuant to Subsection (2),
33
$4 shall be:
34
(a) remitted to the state agency maintaining the repository in Subsection (1)(a); and
35
(b) deposited in the General Fund as a dedicated credit for that state agency, to maintain
36
the repository and assist in the issuance of the digital certificates pursuant to this part and Section
37
63D-1-301.5
.
38
(4) Any money at the end of the fiscal year in excess of the dedicated credit required by
39
Subsection (3) shall lapse to the General Fund.
40
(5) After the amount of the initial monies appropriated by the Legislature have been
41
reimbursed to the General Fund, the state agency maintaining the repository shall reevaluate the
42
fee to be remitted to it under Subsection (3) to determine whether any modification needs to be
43
made to the fee amount to be remitted by participating governmental entities.
44
(6) Any state agency permitting the public to transact business with the state agency
45
through the use of a digital certificate may establish a transaction fee, pursuant to Section
46
63-38-3.2
, a portion of which may be remitted to the licensed certification authority which issued
47
the digital certificate being used.
48
Section 2.
Section
46-3-602
is enacted to read:
49
46-3-602. County clerk participation and fee authorization.
50
A county clerk may:
51
(1) participate in the issuance of digital certificates to citizens to facilitate electronic
52
transactions with governmental entities according to the digital certificate policy issued by the
53
chief information officer pursuant to Section
63D-1-301.5
; and
54
(2) charge a fee for the service in Subsection (1), a portion of which shall be remitted to
55
the agency maintaining the state repository pursuant to Section
46-3-601
.
56
Section 3.
Section
63D-1-301.5
is amended to read:
57
63D-1-301.5. Chief information officer -- Duties.
58
(1) The chief information officer shall:
59
(a) develop specific information technology objectives, policies, procedures, and standards
60
to guide the development of information systems within state government to achieve maximum
61
economy and quality while preserving optimum user flexibility, including:
62
(i) policies, standards, and procedures for appropriate interchange of information, optimum
63
service, and minimum costs;
64
(ii) policies for costing all information technology services performed by any state
65
information technology cost recovery center so that every cost recovery center charges its users a
66
rate for services that is both equitable and sufficient to recover all the costs of its operation,
67
including the cost of capital equipment and facilities;
68
(iii) policies governing coordination, cooperation, joint efforts, working relationships, and
69
cost accounting relative to the development and maintenance of information technology and
70
information systems; and
71
(iv) policies to ensure the protection of individual privacy and guarantee the exclusive
72
control to a user of its own data;
73
(b) coordinate the preparation of agency information technology plans within state
74
government, encompassing both short-term and long-term needs that support the agency's and the
75
state's strategic plans, including Utah Tomorrow;
76
(c) require each state agency to submit semiannually an agency information technology
77
plan containing the information required by Subsection (2) before the legislative session in which
78
the budget request will be heard and no later than the June 15 after the legislative session in which
79
the budget request was authorized to the chief information officer;
80
(d) upon receipt of a state agency's information technology plan:
81
(i) provide a complete copy of that plan to the director of the Division of Information
82
Technology Services;
83
(ii) review and approve or disapprove agency information technology plans to ensure that
84
these plans are the most economically viable and are the best solution to the agency's needs and
85
the state's needs; and
86
(iii) approve or disapprove of and coordinate the acquisition of information technology
87
equipment, telecommunications equipment, and related services for all agencies of state
88
government;
89
(e) facilitate the implementation of agency plans;
90
(f) establish priorities in terms of both importance and time sequencing for the
91
development and implementation of information systems;
92
(g) monitor information systems development to promote maximum use of existing state
93
information resources;
94
(h) advise the governor on information technology policy and make recommendations to
95
the governor regarding requests for appropriations for information technology equipment and
96
personnel;
97
(i) maintain liaison with the legislative and judicial branches, the Board of Regents, the
98
State Board of Education, local government, federal government, business and industry, and
99
consumers to promote cooperation and make recommendations regarding information resources;
100
(j) conduct performance audits of state information technology management, planning, and
101
the use of information technology resources and distribute copies of the audit reports as provided
102
in Subsection (3);
103
(k) prepare an annual report to the governor and to the Legislature's Public Utilities and
104
Technology Interim Committee and the Information Technology Commission that:
105
(i) summarizes the state's current and projected use of information technology; and
106
(ii) includes a description of major changes in state policy and a brief description of each
107
state agency's plan;
108
(l) inform each state entity of the requirements of Section
63D-1-105
; [and]
109
(m) as permitted by law, coordinate the efforts of state government to provide services and
110
transactions through the Internet[.];
111
(n) designate an existing state repository or create a new repository that is secure and
112
central for the maintenance of any appropriate information relating to the issuance of digital
113
certificates as provided in Section
46-3-601
; and
114
(o) develop a digital certificate policy pursuant to Subsection (6).
115
(2) (a) Each state agency information technology plan shall include information about
116
planned information technology objectives and expenditures for the next year in the level of detail
117
and format specified by the chief information officer.
118
(b) The plans in Subsection (2)(a) shall include the progress of each state agency toward
119
making the agency's services available on the Internet as provided in Section
63D-1-105
.
120
(3) (a) Upon completion of an audit report produced under authority of Subsection (1)(j),
121
the chief information officer shall:
122
(i) provide copies of all audit reports to:
123
(A) the agency audited;
124
(B) the governor;
125
(C) the Office of Legislative Fiscal Analyst;
126
(D) the Public Utilities and Technology Interim Committee; and
127
(E) the Information Technology Commission; and
128
(ii) present the performance audit findings to the Information Technology Policy and
129
Strategy Committee at their next meeting.
130
(b) Each state agency shall provide the chief information officer with complete access to
131
all information technology records, documents, and reports, including electronic, analog, or digital,
132
when requested for the purpose of a performance audit.
133
(4) The rate for services established by an information technology cost recovery center,
134
and reviewed by the chief information officer, may be lowered if the Legislature appropriates
135
monies to the cost recovery center for the specific purpose of lowering rates.
136
(5) (a) The chief information officer shall receive reports from the director of the Division
137
of Information Technology Services regarding the division's:
138
(i) budget;
139
(ii) strategic plans, including services the division is or plans to offer agencies;
140
(iii) major expenditure plans; and
141
(iv) any other items determined jointly by the executive director and the chief information
142
officer.
143
(b) The chief information officer shall have authority to approve or disapprove any of the
144
items listed in Subsection (5)(a).
145
(6) The chief information officer shall:
146
(a) develop a digital certificate policy which includes:
147
(i) indicating the level of identity validation necessary for digital certificates issued by any
148
governmental entity to be valid for transacting business online with state agencies and political
149
subdivisions;
150
(ii) requiring any certification authority from which the digital certificates are acquired to
151
be licensed in the state pursuant to Title 46, Chapter 3, Utah Digital Signature Act;
152
(iii) providing for the security of the information in the repository, including who is
153
permitted access to the information; and
154
(iv) indicating the appropriate use and retention of the information in the repository;
155
(b) assist governmental entities desiring to transact business with citizens electronically
156
to develop programs using digital certificates; and
157
(c) designate the state repository pursuant to Section
46-3-601
.
158
Section 4. Appropriation.
159
(1) For fiscal year 2000-01 only, there is appropriated from the General Fund $40,000 to
160
the office of the chief information officer.
161
(2) It is the intent of the Legislature that the chief information officer shall transfer this
162
money to the agency designated pursuant to Sections
46-3-601
and
63D-1-301.5
to create or
163
maintain the state repository for appropriate information relating to the issuance of digital
164
certificates.
Legislative Review Note
as of 2-8-00 12:45 PM
A limited legal review of this legislation raises no obvious constitutional or statutory concerns.