DIT/OMNIBUS LAW CHANGES.-AB

2023-2024 Session
House Bill 196 (Public) Filed Thursday, February 23, 2023
AN ACT MAKING OMNIBUS MODIFICATIONS TO LAWS RELATING TO STATE INFORMATION TECHNOLOGY AND THE PRIVACY OF PERSONAL IDENTIFYING INFORMATION.
Intro. by Johnson.

Status: Ref to the Com on State Government, if favorable, Energy and Public Utilities, if favorable, Rules, Calendar, and Operations of the House (House action) (Feb 27 2023)
H 196

Bill Summaries:

  • Summary date: Feb 27 2023

    Section 1.1

    GS 143B-1405 sets out provisions governing the distribution of funds from the 911 Fund for reimbursements to Commercial Mobile Radio Service (CMRS) providers. Under (a)(4), CMRS providers seeking reimbursement from the 911 Fund must get prior approval from the 911 Board for payment of costs that exceed the lesser of (1) 100% of the eligible cost allowed under the statute, or (2) 125% of the service charges remitted to the 911 Board by the CMRS provider. Repeals the second prong related to the remitted service charges. Effective July 1, 2024, repeals GS 143B-1405 in its entirety.

    Amends GS 143B-1403 to no longer require the revenue generated from the service charges imposed on each active communications service connection that provides access to the 911 system through a voice communications service to ensure full cost recovery for communications service providers over a reasonable period of time.

    Effective July 1, 2024, amends GS 143B-1407(a) to rename the PSAP Grant and Statewide 911 Projects Account by removing PSAP Grant from the title. Also removes from the Account’s purpose making grants to PSAPs in rural and other high cost areas. Amends the revenue sources for the account to no longer reference revenue allocated by the 911 Board under GS 143B-1405(c), which allowed the 911 Board to reallocate the excess amount to the Accounts established under GS 143B-1407 when reimbursements to CMRS providers budgeted by the 911 Board for a fiscal year exceed the amount of funds disbursed for reimbursements to CMRS providers for that fiscal year.

    Effective July 1, 2024, repeals GS 143B-1409(2), which prohibited CMRS providers from being required to provide enhanced 911 services until funds for reimbursement of the CMRS provider’s costs are available under GS 143B-1405 (retains the other two conditions that must be met).

    Section 2.1

    Creates the Office of Privacy and Data Protection (Office) within the Department of Information Technology (Department) to serve as a central point of contact for State agencies on policy matters involving data privacy and data protection. Requires the Chief Privacy Officer to serve as the Director of the Office. Sets the Office’s primary duties as: (1) conducting an annual privacy review; (2) conducting an annual privacy training for State agencies and employees; (3) articulating privacy principles and best practices; (4) coordinating data protection in cooperation with the agency; and (5) participating with the Office of the State CIO in the review of major State agency projects involving personally identifiable information. Also requires the Office to be a resource for local governments and the public on data privacy and protection concerns by: (1) developing and promoting the dissemination of best practices for the collection and storage of personally identifiable information, including establishing and conducting a training program or programs for local governments; and (2) educating consumers about the use of personally identifiable information on mobile and digital networks and measures that can help protect this information.

    Requires the Office to submit a report evaluating its performance, due to the specified NCGA committee by December 1, 2023, and every four years thereafter. Requires the Office to establish performance measures in its 2023 report, including the specified measures, and demonstrate the extent to which performance results have been achieved in subsequent reports. Requires submitting the performance measures and a data collection plan by July 1, 2023, to the same NCGA committee for review and comment. Requires submitting a report to the same NCGA committee by October 1, 2023, on the extent to which telecommunication providers in the State are deploying advanced telecommunications capability and the existence of any inequality in access to advanced telecommunications infrastructure experienced by residents of rural areas, tribal lands, and economically distressed communities. Requires this report to be submitted at least once every four years, only to the extent the Office is able to gather and present the information within existing resources.

    Amends GS 143B-1320 by adding the Office to the terms used in Article 15 (Department of Information Technology) of GS Chapter 143B.

    Section 2.2

    Amends GS 143B-1375 to prohibit confidential data from being entered into or processed through any information technology system or network established under Article 15 until safeguards for both the data’s security and privacy (was, security) satisfactory to the State CIO have been designed and installed and are fully operational. Makes changes throughout Part 7 of Article 15, Security of Information Technology, to make provisions apply to both security and privacy instead of just security.

    Section 2.3

    Amends GS 143B-1320 by adding privacy incident to the terms used in Article 15, defined as an occurrence which raises a reasonable risk of harm, whether suspected or confirmed: (1) where a person other than an authorized user has actual or potential access to identifying information as defined in GS 14-113.20(b), personal information as defined in GS 75-66(c), or protected health information in usable physical or electronic form; (2) where an authorized user has access to identifying information as defined in GS 14-113.20(b) or personal information as defined in GS 75-66(c) for an unauthorized purpose; or (3) that otherwise involves loss of control, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar compromise affecting information in the above provisions.

    Section 3.1

    Amends GS 143B-1322 to require the State CIO to submit an annual report, beginning February 1, 2024, on State government information technology and governance with a focus on broadband and connectivity, cybersecurity, privacy, procurement, and digital transformation to the specified NCGA committee and division.

    Section 4.1

    Recodifies GS Chapter 116E (Education Longitudinal Data System) into Part 13 (titled North Carolina Longitudinal Data System) of Article 15 of GS Chapter 143B, making conforming changes to the numbers of those statutory provisions, and makes the following changes. Moves the North Carolina Longitudinal Data System (System) from the Department of Public Instruction to the Department of Information Technology. Adds the Department to those entities for which the System is considered an authorized representative. No longer requires that the System only use aggregate data in the release of data in reports and in response to data requests. Adds that the System must facilitate the sharing of data with approved requestors at the individual record level in accordance with memoranda of understanding executed by current data contributors. Makes additional technical changes.

    Section 5.1

    Amends GS 93B-14 by expanding upon the entities to which occupation licensing boards can share the social security number of an applicant for licensure, to also include the Government Data Analytics Center of the Department of Information Technology for purposes authorized under GS Chapter 143B, Article 15.

    Section 5.2

    Amends GS 143B-1385 to prohibit initiating, extending, or expanding a Government Data Analytics Center (GDAC) project without approval from the State CIO (was, without the specific approval of the NCGA unless the project can be implemented within funds appropriated for GDAC projects and without prior consultation with the Joint Legislative Commission on Governmental Operations and a report to that Commission if the project can be implemented within funds appropriated for GDAC projects).

    Section 5.3

    Amends GS 116E-2, setting out the purpose of the North Carolina Longitudinal Data System, by removing the provision limiting the linkage of student data and workforce data for the purposes of the System to no longer than five years from the later of the date of the student’s completion of secondary education or the date of the student’s latest attendance at an institution of higher education in the State.

    Section 6.1

    Amends GS 143B-1421 by stating that the Chief Geographic Information Officer (was, Director of the CGIA) is the secretary of the North Carolina Geographic Information Coordinating Council.

    Section 7.1

    Amends GS 143B-1330 to require that, as a part of the State Information Technology Plan, the State CIO develop and update a long-range State Information Technology Plan that forecasts, at a minimum, the needs of State agencies for the next five years (was, 10 years).

    Section 8.1

    Amends GS 14-113.20 by amending the definition of identifying information as it is used in Article 19C (Identity Theft) of GS Chapter 14, so that it also includes: (1) numbers or information that can be used to access a person’s resources to cause harm (was, limited to a person’s financial resources and did not require causing harm), which includes the stated harms; and (2) information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.

    Section 8.2

    Amends GS 75-66, which prohibits a person from knowingly broadcasting or publishing to the public on radio, television, cable television, in a writing of any kind, or on the Internet, the personal information of another with actual knowledge that the person whose personal information is disclosed has previously objected to any such disclosure. Expands upon what is considered to be personal information to also include a person’s first name or first initial and last name in combination with information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.

    Section 9.1

    Amends GS 91-414.4 to no longer require dentists to begin submitting demographic and clinical data to the Health Information Exchange (HIE) Network by January 1, 2023. Instead, adds dentists and chiropractors to those who may connect to the HIE Network and submit data voluntarily.

    Section 9.2

    Increases by one the number of members appointed to the North Carolina Health Information Exchange Advisory Board by (1) the President Pro Tempore of the Senate to also include a provider of Medicaid or other State-funded health care services that is connected to the HIE Network, and (2) the Speaker of the House to also include a provider of Medicaid or other State-funded health care services that is connected to the HIE Network.


  • Summary date: Feb 23 2023

    To be summarized.