SB 36: "An Act relating to the security of certain data processing records of the executive branch and making the Department of Administration responsible for the security of those records."
00 SENATE BILL NO. 36 01 "An Act relating to the security of certain data processing records of the executive 02 branch and making the Department of Administration responsible for the security of 03 those records." 04 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF ALASKA: 05 * Section 1. AS 40.21.030(b) is amended to read: 06 (b) In order to carry out the records management program, the state archivist 07 shall 08 (1) analyze, develop, and coordinate the standards and procedures for 09 record making and current record keeping; 10 (2) ensure the maintenance and security of records, subject to 11 AS 44.21.165; 12 (3) initiate action to recover state records removed without 13 authorization; 14 (4) establish and operate state records centers for the purposes of
01 accepting, servicing, storing, and protecting state records that must be preserved for 02 varying periods of time but that [WHICH] are not needed for the transaction of 03 current business; 04 (5) transfer records considered to have permanent value to the state 05 archives; 06 (6) institute and maintain a training and information program in all 07 phases of the management of current records for all state agencies, subject to 08 AS 44.21.165; 09 (7) make continuing surveys of paperwork operations and recommend 10 improvements in current records management practices, including the use of space, 11 equipment, and supplies; 12 (8) initiate programs for improving the management of 13 correspondence, forms, reports, and directives as integral parts of the overall records 14 management program; 15 (9) provide centralized microfilm service for state agencies as 16 determined to be necessary by the department; 17 (10) establish standards for the preparation of records retention 18 schedules providing for the retention of state records of permanent value and for the 19 prompt and orderly disposition of state records no longer possessing administrative, 20 legal, or historical value to warrant their retention; 21 (11) receive records retention schedules from the agencies and submit 22 them to the attorney general for review and approval; 23 (12) obtain from agencies reports that are required for the 24 administration of the program. 25 * Sec. 2. AS 40.21.060 is amended to read: 26 Sec. 40.21.060. Duties of chief executive officers of state agencies. Subject 27 to AS 44.21.165, the [THE] chief executive officer of each state agency shall 28 (1) make and preserve public records containing adequate and proper 29 documentation of the organization, functions, policies, decisions, procedures, and 30 essential transactions of the agency, and designed to furnish the information necessary 31 to protect the legal and financial rights of the state and of persons directly affected by
01 the agency's activities; 02 (2) establish and maintain an active, continuing program for the 03 efficient management of the records of the agency under the procedures prescribed by 04 the department, including effective controls over the creation, maintenance, and use of 05 records in the conduct of current business; 06 (3) submit to the department, in accordance with the standards 07 established by it, records retention schedules proposing the length of time that 08 [WHICH] records having administrative, legal, or historical value shall be retained; 09 (4) apply the provisions of approved records retention schedules to 10 ensure the orderly disposition of state records including transfer to a state records 11 center; 12 (5) identify, segregate, and protect records vital to the continuing 13 operation of an agency in the event of natural, man-made, or war-caused disaster; 14 (6) cooperate with the department in conducting surveys made by it 15 under the provisions of this chapter; 16 (7) establish safeguards against unauthorized or unlawful removal or 17 loss of state records; 18 (8) comply with the regulations, standards, and procedures relating to 19 records management and archives established by the department; 20 (9) appoint a records officer who shall act as a liaison between the 21 department and the agency on all matters relating to the records management program. 22 * Sec. 3. AS 44.21 is amended by adding a new section to read: 23 Sec. 44.21.165. Security of records. (a) As the department responsible for the 24 operation and management of automatic data processing resources and activities of the 25 executive branch under AS 44.21.150, the department is the state agency responsible 26 for maintaining the security of the nonarchived records produced or maintained by the 27 automatic data processing resources and activities of state agencies. 28 (b) The department shall 29 (1) develop, implement, and maintain policies to ensure that data 30 processing records are secure from unlawful release; 31 (2) define the responsibilities for the security of the data processing
01 records of each state agency, communicate the responsibilities to the state agency, and 02 coordinate the responsibilities among state agencies; and 03 (3) establish procedures for maintaining the security of the data 04 processing records and provide training for state agency personnel to implement the 05 procedures. 06 (c) The state information systems plan adopted by the commissioner must 07 satisfy the security requirements of this section. 08 (d) The department shall adopt regulations to implement this section. 09 (e) On or before January 1 every two years, the department shall submit to the 10 legislature an audit that evaluates, for the two years since the period covered by the 11 previous audit under this subsection, the effectiveness of the department's 12 implementation of this section in maintaining the security of data processing records. 13 (f) In this section, 14 (1) "data processing records" means the records that are produced or 15 maintained by the automatic data processing resources and activities of a state agency 16 and that are not being held by the Alaska State Archives; 17 (2) "records" includes personally identifiable information in a record; 18 (3) "state agency" means an agency of the executive branch. 19 * Sec. 4. The uncodified law of the State of Alaska is amended by adding a new section to 20 read: 21 FIRST REPORT. Notwithstanding AS 44.21.165(e), enacted by sec. 3 of this Act, the 22 first report under AS 44.21.165(e) is due on January 1 of the fifth calendar year after this Act 23 takes effect.