Bill Summary for H 217 (2019-2020)

Printer-friendly: Click to view

Summary date: 

Apr 25 2019

Bill Information:

View NCGA Bill Details2019-2020 Session
House Bill 217 (Public) Filed Wednesday, February 27, 2019
Intro. by Saine, Jones, K. Hall.

View: All Summaries for BillTracking:

Bill summary

House committee substitute makes the following changes to the 1st edition.

Deletes the proposed changes to GS 143B-1353, which prohibits financial interest of officers within the Department of Information Technology (Department) in sources of information technology supply. Instead, deletes all of the existing language and establishes that the provisions of GS 133-32, which regulates gifts and favors of public works contractors, apply to all Department employees. 

Adds the following provisions.

Section 6

Amends GS 143B-1322 and GS 166A-19.12 to require the State Chief Information Officer (State CIO) and the Division of Emergency Management to coordinate to manage statewide response to cybersecurity incidents and significant cybersecurity incidents, as defined. Additionally requires the Division of Emergency management to coordinate with the Adjutant General, and specifically directs the Division to develop and promulgate necessary policies, plans, and procedures for cybersecurity and critical infrastructure protection, and to annually review, update, and test cyber incident response plans and procedures. 

Adds to GS 143B-1321 to require that confidentiality be kept for information technology information that is protected from public disclosure under GS 132-6.1(c), including, but not limited to, specified examples provided.

Amends GS 143B-1320 to eliminate the defined terms information technology security incident and security incident. Adds the term cybersecurity incident and defines the term to mean an occurrence that either (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system or (2) constitutes a violation or imminent threat of violation of law, security policies, privacy policies, security procedures, or acceptable use policies. Adds the term significant cybersecurity incident and defines the term to mean a cybersecurity incident likely to result in demonstrable harm to the state's security interests, economy, critical infrastructure, or to the public confidence, civil liberties, or public health and safety of residents. Provides factors for determining significant cybersecurity incidents. Makes conforming changes throughout Article 15, Department of Information Technology.

Amends GS 143B-1379 to modify and add to the information all principal department heads and Council of State agency heads must provide to the State CIO. Now includes the full details of all of the agency's significant cybersecurity incidents within 24 hours of confirmation; comprehensive information concerning the information technology security employed to protect the agency's data, including documentation and reporting of remedial or corrective action plans to address any deficiencies in the information security policies, procedures, and practices of the State agency; and a forecast of the parameters of the agency's projected future cybersecurity and privacy needs and capabilities. Additionally requires the department and agency heads to complete mandatory annual security awareness training and reporting compliance for all personnel, including contractors and other users of state information technology systems. Adds a new requirement for county and municipal governments to report cybersecurity incidents to the Department. Provides that the information reported is protected from public disclosure. Additionally, encourages private sector entities to report cybersecurity incidents to the Department. 

Expands GS 143B-1376 to charge the State CIO with the responsibility for the security and privacy (was, only the security) of all State information technology systems and associated data. Makes conforming changes. Adds that the State CIO must ensure that agencies are periodically testing and evaluating information security controls and techniques for effective implementation. Additionally requires the State CIO to ensure that all agency and contracted personnel are held accountable for complying with the Statewide information security program. 

Amends GS 143B-1378 to require the State CIO to annually assess the ability of each agency and each agency's contracted vendors to comply with the current cybersecurity enterprise-wide set of standards established under the statute. Requires the assessment to estimate the initial cost of implementing necessary security measures for the agency to comply with the standards, as well as the costs over the lifecycle of the State agency information system (previously only required implementation costs).

Section 7

Modifies and adds to GS 143B-1400, which sets forth defined terms applicable to Part 10, Emergency Telephone Service, Article 15. Adds the terms agent, emergency medical dispatch, next generation 911 network, regional PSAP, State Emergency Services IP (ESInet) Network, and telecommunicator. Modifies the terms 911 State Plan, 911 system, communications service, CMRS provider, FCC Order, GIS (rather than GIS mapping), next generation 911 system, and service supplier.

Modifies and adds to the duties of the 911 Board (Board) prescribed in GS 143B-1402. In developing the 911 State Plan, requires the Board to ensure individual public safety answering point (PSAP) plans incorporate 911 call routing in an emergency and coordination with State emergency operations including Telecommunicator Emergency Response Taskforce (TERT). Provides for the adoption of policies, procedures, and rules by the Board to execute its powers and duties. Requires communication of determined policies and procedures and adopted rules to the Executive Director, who has enforcement authority, as enacted. Specifies that only the Executive Director has the responsibility and authority to give operational directives to any Board employee. Requires the Board to distribute revenue in the 911 Fund (Fund) (previously specified distribution to Commercial Mobile Radio Service (CMRS) providers and PSAPs). In establishing policies and procedures to fund advisory services and training programs, requires the Board to include Emergency Medical Dispatch and quality assurance of Emergency Medical Dispatch programs for PSAPs, and in setting operating standards for PSAPs and back-up PSAPs, requires the Board to include minimum staffing and mandatory telecommunicator training and certification requirements for 911 call taking. Adds that the policies, procedures, and standards established for procurement contracts, advisory services, training programs, and operations are subject to the limitations of GS 143B-1406(d), which sets forth restricted use provisions of funds distributed to PSAPs from the Fund. Prohibits the Board from adopting rules that regulate any communications service, including technical standards for communications service providers to process 911 voice and data. Adds the duty of the Board to collect and distribute data from and to PSAPs and communications service providers so long as data distribution is subject to the state public records law and federal privacy laws and regulations. Adds the duty to coordinate, adopt, and communicate all necessary technical and operational standards, and requirements to ensure an effective statewide interconnected next generation 911 network, the State ESInet, including design specifications, processing standards and requirements, and performance measures. Adds the duty to establish and operate a network management center for the State ESInet staffed by the Board to monitor PSAP and communications service provider compliance and State ESInet performance and security testing protocols in coordination with the Department.

Directs the Department Secretary to select an Executive Director of the Board with the advice of the Board. Deems the Executive Director the chief administrative officer of the Board and the State 911 coordinator for purposes of state and federal law and program requirements. Provides qualifications and responsibilities of the Executive Director, including the duty of drafting suggested legislation incorporating Board findings, and executing the Board's policies, powers, and duties subject to appropriations, available funds, and State employment and procurement laws. 

Authorizes the Board to meet in the Department offices or in facilities that satisfy the Board's needs and state public meeting laws. Mandates the Department to provide office space for the Board's staff.

Amends GS 143B-1403 to provide for a monthly service charge for each active communications service connection that provides access to the 911 system through a communications provider (was, voice communications service), payable by the subscriber to the service provider of the communications service. Makes conforming terminology changes. Describes the changes as a clarification of existing law, and provides that no subscriber or communications service provider is liable to any person or entity for billing or remitting a different number of 911 service charged than that required by the Part for any services for which a bill is or has been rendered prior to 180 days following the date the act becomes law. Requires service charges imposed to ensure full cost recovery for communications service providers over a reasonable period of time, for monthly distributions to primary PSAPs, and for the State ESInet (previously referred to rates rather than charges imposed and required full cost recovery for communications service providers and for primary PSAPs over a reasonable period of time; did not include cost recovery for the State ESInet). Make conforming changes.

Amends GS 143B-1404 to increase from 2% to 3.5% the amount of the total service charges remitted to the Board under GS 143B-1403 the Board may retain for its administrative expenses. Now requires the Board to allocate 15% rather than 10% of the total service charges to the Next Generation 911 Reserve Fund, and 5% of the total service charges to the PSAP Grant and Statewide Projects Account. Requires the remaining revenues to be allocated for distribution to the primary PSAPs, CMRS providers, or the Accounts establishes in GS 143B-1407 (the PSAP Grant and Statewide Projects Account and the Next Generation 911 Reserve Fund). Makes technical and conforming changes. Makes further conforming changes throughout the remainder of the Part to refer to the Accounts rather than the PSAP Grant and Statewide Projects Account alone.

Amends GS 143B-1405 to require a CMRS provider to request reimbursement from the 911 Fund by presenting a request to the Board within six months prior to the end of the Board's fiscal year and identifying the provider's anticipated qualified expenses for reimbursement during the Board's next fiscal year. Eliminates the provision regarding accrual of interest on deferred payments. Provides for reallocation of excess funds to the Accounts established under GS 143B-1407 if reimbursement amounts to CMRS providers budgeted by the Board for a fiscal year exceed the amount of funds disbursed. Removes the requirement that the Board consider reduction of the service charge if reallocation totals more than $3 million in a calendar year. Makes further technical and conforming changes. 

Makes conforming changes to GS 143B-1406 regarding monthly distribution from the 911 Fund to primary PSAPs. Concerning the funding formula, requires the Board to consider any interlocal government funding agreement to operate a regional PSAP (previously did not specify the nature of the interlocal agreement) among other specified considerations in existing law. Specifies that if the Board does not designate an amount to be allocated to the Accounts established under GS 143B-1407, the Board must distribute all remaining funds to regional or primary PSAPs on a per capita basis (previously did not specify which PSAPs). Conditions eligibility to carryforward distributions on compliance with the requirements of subsection (f) of the statute, as modified. Adds that amounts carried forward to the next fiscal year from distributions made by the Board cannot be used to lower distributions unless the monthly distribution amount in subsection (a) is modified based upon the Board's expenditures for Statewide 911 projects or the PSAP's migration to a next generation 911 network (in addition to the exception provided in existing law for when the monthly distribution amount is greater than 20% of the average yearly amount distributed to the PSAP in the prior two years). Modifies the authorized use of distributions to include the lease, purchase, or maintenance of emergency medical, fire, and law enforcement pre-arrival instruction software. Prohibits use of the funds for addressing or service supplier 911 service and other recurring charges supplanted by the State ESInet costs paid by the Board, following the earlier of July 1, 2021, or compliance with new subsection (e1), which mandates implementation of plans to migrate PSAPs to the State ESInet by July 1, 2021. No longer authorizes the use of funds to pay for nonrecurring costs of establishing a 911 system. New subsection (e1) details parameters for the migration of PSAPs to the State ESInet on a regional basis and provides for extension of the deadline for good cause. Details requirements of all communication service providers and State ESInet service providers regarding points of interconnection for routing and delivering 911 calls. Modifies and adds to the compliance provisions set forth in subsection (f) on which the monthly distribution is conditioned. Now requires each PSAP dispatching emergency medical services to develop policies and procedures for implementing an approved Emergency Medical Dispatch program, as specified, by July 1, 2019. Further requires each PSAP to deploy equipment, products, and services necessary or appropriate for receipt and processing of calls for emergency assistance sent by text messages consistent with the specified FCC Order(s). Mandates that every local government participate in a 911 system. Requires that the establishment and operation of Regional PSAPs be a coordinated effort among local governments and the Board. Clarifies that Article 15 does not prohibit or discourage the formation of Regional PSAPs. Additionally, establishes a forty-hour training course requirement for telecommunicators within their first year of employment for persons beginning employment after July 1, 2019, as specified, and establishes a requirement of completion of a medical dispatch course or emergency medical dispatch course for all telecommunicators by July 1, 2020, or within six months of the date of employment if employed after that date. 

Amends GS 143B-1407 to require that eligible projects for use of funds from the Accounts be an eligible expense under GS 143B-1406(d) (as amended concerning authorized uses) rather than GS 143B-1406(e) (local funds). Additioanlly, authorizes the Board to provide funds from the Next Generation 911 Fund directly to primary PSAPs (previously did not limit the authority to primary PSAPs) to implement next generation 911 systems.

Makes technical changes to GS 143B-1408 concerning recovery of unauthorized use of funds, to require monies received under the Part rather than the statute to be credited to the 911 Fund. 

Makes clarifying and conforming changes to GS 143B-1409 (Conditions for providing enhanced 911 service).

Expands GS 143B-1413 regarding immunity for service and system providers and their employees, directors, officers, vendors, and agents to acts and omissions concerning text-to-911 service. Makes conforming changes.