Gov. Jay Inslee signed a bill into law Wednesday that aims to bring more security and results from the state’s estimated $1 billion a year outlay for information technology and services.
I’ve written a print story about Senate Bill 5891 for print editions of The Olympian and News Tribune. One high profile element of the bill requires state agencies and universities to have IT security plans and gives the state’s relatively new chief information officer, Michael Cockrill, a leading role in setting standards for that security.
The legislation also creates a purchasing pool for technology projects, lets smaller pilot projects bypass competitive bidding if they get high-level review and are publicly justified, and makes other changes to bring better oversight by Cockrill’s office of agency IT purchases. One change is a ranking by the OCIO of all technology project proposals (which totaled nearly $400 million this year) with no more than a third allowed to be ranked high priority.
“A lot of it is just good government, good operations,” said Sen. Andy Hill, the Redmond Republican and Microsoft veteran who sponsored the bill. “We kind of have a sprawling, decentralized IT (system). Some things need to be centralized, some things don’t.”
The measure passed unanimously in the Senate and two Thurston County Democrats in the House voted against it – both regarding it as bringing too much interference in agency operations.
Olympia Rep. Sam Hunt, who used to work for the former Department of Information Services, complained the bill came through the House without a committee hearing and late in session. Hunt called the new law is overkill and “is micromanagement and duplicative.’’
He said there already is a role spelled out in statutes for oversight by a technology Services Board created in 2011 and also by the chief information officer.
Tumwater Rep. Chris Reykdal disliked the new law’s requirement for the Office of the Chief Information Officer to rank for projects. He said he was “pretty frustrated by the presumption of inefficiency that the Legislature constantly foists upon the executive branch.”
The chief information officer’s staff is also required to evaluate all IT spending proposals for state agencies, universities and other branches of government. Its role is advisory only for the legislative and judicial branches, but the office is required to rank projects sought by various agencies.
Reykdal said that “creating a priority array of technology (projects) across all of state government where only a third of them can be placed in the high priority category seems pretty insincere given the IT needs out there across state agencies,” Reykdal added.
The $255 million State Data Center and office building project near the Capitol cast a shadow over the legislation. The state-of-the-art data center portion of the project is twice as large as the state is likely to need for its current and future data storage, largely because of technological advances known as virtualization and growing use of cloud computing,
Hill said his bill may help push the state toward smaller projects rather than large ones that take years to complete and are out of date by the time they finish.
Senate Democrats voted as a bloc against an early version of the bill because it had language letting the Department of Enterprise Services bypass collective bargaining rights of state employees – who under the Personnel System Reform Act of 2002 have the right to bid competitively on work identified for privatization.
Enterprise Services never asked for that authority, and Hill eventually dropped that language, opening the way to unanimous Senate approval and a vote in the House late in session.
Democratic Rep. Zack Hudgins of Tukwila said removal of that contracting-out language sprung the bill loose for consideration by the House. Hudgins chairs a budget subcommittee that has been carefully watching some of the state’s IT expenditures including the data center project and separate security concerns, and he said Hill’s bill has provisions to ensure security training is given to key workers.
Security got higher attention this year after major data breaches in Utah and South Carolina and also a breach of court records in Washington that disclosed nearly 100 individuals’ Social Security numbers sometime between last fall and February.