The office has operated within the Office of Administration (OA) through an executive order since 2004.
According to state CIO John MacMillan, “SB 482 is the latest version of legislation that has been introduced in recent years to codify the office and certain responsibilities into statute.”
“OA has met with members of the General Assembly and testified at multiple hearings about the proposed legislation,” MacMillan said via email. “We are committed to continuous improvement in the delivery of information technology services to the agencies we support.”
Sen. Kristin Phillips-Hill explained that security concerns were the origin of this iteration of the bill. In July, the state suffered a data breach involving Insight Global, a third-party vendor responsible for COVID-19 tracing on behalf of the state’s Department of Health.
“We had no idea it even happened,” Phillips-Hill said. “It turns out people’s sensitive information was on Google spreadsheets just floating around on the Internet.”
Some of that sensitive information included individuals’ COVID-19 statuses, counties of residence, gender identities, age, date of birth and other personal health information.
In addition to security concerns, modernizing the state’s IT system and operations would also be addressed within the bill.
“What we have proposed to do is to update and modernize our state’s full IT system, instead of what we have come to learn is more of a siloed or piecemeal approach where every agency gets a set amount of money and spends it as they see fit,” Phillips-Hill said.
Overall, she said, the legislation will put in place measures that will continue to improve state IT while protecting citizens’ sensitive information. But the legislation might also protect the IT office from politically motivated changes.
“It’s not one size fits all,” said Center for Digital Government* Executive Director Teri Takai. “The challenge with an executive order is that a new administration coming in can either decide to override that executive order or write another executive order, which means for the legislature that it almost becomes at the whim of the governor’s office.”
On the flip side, if the office is enforced via statute, things can still be changed, but it would require a legislative vote, essentially making the office more difficult to eliminate.
Takai also pointed to the visibility and decision-making authority that comes with reporting directly to the governor.
“The big pros of having it report to the governor is that it’s got direct visibility,” Takai said. “If the governor’s office is interested in technology, it gives that chief information officer more standing.”
The bill was re-referred to the Senate Appropriations Committee in November.
*The Center for Digital Government is part of e.Republic, Government Technology’s parent company.
Editor's note: This story has been changed to more accurately reflect the language of the legislation.