CSSB 36(STA): "An Act relating to the data processing and telecommunications activities of the state; relating to the security of certain data processing records of the executive branch and making the Department of Administration responsible for the security of those records; and making the commissioner of administration the chief information officer of the state."
00 CS FOR SENATE BILL NO. 36(STA) 01 "An Act relating to the data processing and telecommunications activities of the state; 02 relating to the security of certain data processing records of the executive branch and 03 making the Department of Administration responsible for the security of those records; 04 and making the commissioner of administration the chief information officer of the 05 state." 06 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF ALASKA: 07 * Section 1. AS 40.21.030(b) is amended to read: 08 (b) In order to carry out the records management program, the state archivist 09 shall 10 (1) analyze, develop, and coordinate the standards and procedures for 11 record making and current record keeping; 12 (2) ensure the maintenance and security of records, subject to 13 AS 44.21.165;
01 (3) initiate action to recover state records removed without 02 authorization; 03 (4) establish and operate state records centers for the purposes of 04 accepting, servicing, storing, and protecting state records that must be preserved for 05 varying periods of time but that [WHICH] are not needed for the transaction of 06 current business; 07 (5) transfer records considered to have permanent value to the state 08 archives; 09 (6) institute and maintain a training and information program in all 10 phases of the management of current records for all state agencies, subject to 11 AS 44.21.165; 12 (7) make continuing surveys of paperwork operations and recommend 13 improvements in current records management practices, including the use of space, 14 equipment, and supplies; 15 (8) initiate programs for improving the management of 16 correspondence, forms, reports, and directives as integral parts of the overall records 17 management program; 18 (9) provide centralized microfilm service for state agencies as 19 determined to be necessary by the department; 20 (10) establish standards for the preparation of records retention 21 schedules providing for the retention of state records of permanent value and for the 22 prompt and orderly disposition of state records no longer possessing administrative, 23 legal, or historical value to warrant their retention; 24 (11) receive records retention schedules from the agencies and submit 25 them to the attorney general for review and approval; 26 (12) obtain from agencies reports that are required for the 27 administration of the program. 28 * Sec. 2. AS 40.21.060 is amended to read: 29 Sec. 40.21.060. Duties of chief executive officers of state agencies. Subject 30 to AS 44.21.165, the [THE] chief executive officer of each state agency shall 31 (1) make and preserve public records containing adequate and proper
01 documentation of the organization, functions, policies, decisions, procedures, and 02 essential transactions of the agency, and designed to furnish the information necessary 03 to protect the legal and financial rights of the state and of persons directly affected by 04 the agency's activities; 05 (2) establish and maintain an active, continuing program for the 06 efficient management of the records of the agency under the procedures prescribed by 07 the department, including effective controls over the creation, maintenance, and use of 08 records in the conduct of current business; 09 (3) submit to the department, in accordance with the standards 10 established by it, records retention schedules proposing the length of time that 11 [WHICH] records having administrative, legal, or historical value shall be retained; 12 (4) apply the provisions of approved records retention schedules to 13 ensure the orderly disposition of state records including transfer to a state records 14 center; 15 (5) identify, segregate, and protect records vital to the continuing 16 operation of an agency in the event of natural, man-made, or war-caused disaster; 17 (6) cooperate with the department in conducting surveys made by it 18 under the provisions of this chapter; 19 (7) establish safeguards against unauthorized or unlawful removal or 20 loss of state records; 21 (8) comply with the regulations, standards, and procedures relating to 22 records management and archives established by the department; 23 (9) appoint a records officer who shall act as a liaison between the 24 department and the agency on all matters relating to the records management program. 25 * Sec. 3. AS 44.21.010 is amended by adding a new subsection to read: 26 (b) The commissioner of administration is the chief information officer for the 27 state. The chief information officer for the state carries out the duties and powers of 28 the commissioner of administration and the Department of Administration under 29 AS 44.21.150 - 44.21.170 and 44.21.305 - 44.21.330. 30 * Sec. 4. AS 44.21 is amended by adding a new section to read: 31 Sec. 44.21.165. Security of records. (a) As the department responsible for the
01 operation and management of automatic data processing resources and activities of the 02 executive branch under AS 44.21.150, the department is the state agency responsible 03 for ensuring the security of the nonarchived records produced or maintained by the 04 automatic data processing resources and activities of state agencies through the 05 development and adoption of standards, policies, and procedures. 06 (b) The department shall 07 (1) develop, implement, and maintain policies to ensure that data 08 processing records are secure from unlawful release; 09 (2) define the responsibilities for the security of the data processing 10 records of each state agency, communicate the responsibilities to the state agency, and 11 coordinate the responsibilities among state agencies; and 12 (3) establish procedures for maintaining the security of the data 13 processing records and provide training for state agency personnel to implement the 14 procedures. 15 (c) The state information systems plan adopted by the commissioner must 16 satisfy the security requirements of this section. 17 (d) The department shall adopt regulations to implement this section. 18 (e) On or before January 1 every two years, the department shall submit to the 19 legislature a report that evaluates, for the two years since the period covered by the 20 previous report under this subsection, the effectiveness of the department's 21 implementation of this section in maintaining the security of data processing records. 22 (f) In this section, 23 (1) "data processing records" means the records that are produced or 24 maintained by the automatic data processing resources and activities of a state agency 25 and that are not being held by the Alaska State Archives; 26 (2) "records" includes personally identifiable information in a record; 27 (3) "state agency" means an agency of the executive branch. 28 * Sec. 5. The uncodified law of the State of Alaska is amended by adding a new section to 29 read: 30 FIRST REPORT. Notwithstanding AS 44.21.165(e), enacted by sec. 4 of this Act, the 31 first report under AS 44.21.165(e) is due on January 1 of the fifth calendar year after this Act
01 takes effect.