Bill Text: NC S284 | 2013-2014 | Regular Session | Amended


Bill Title: OSC/Gov't Data Analytics/State Data Sharing

Spectrum: Partisan Bill (Republican 2-0)

Status: (Introduced - Dead) 2013-04-30 - Re-ref Com On Judiciary I [S284 Detail]

Download: North_Carolina-2013-S284-Amended.html

GENERAL ASSEMBLY OF NORTH CAROLINA

SESSION 2013

S                                                                                                                                                    2

SENATE BILL 284

Commerce Committee Substitute Adopted 4/30/13

 

Short Title:        OSC/Gov't Data Analytics/State Data Sharing.

(Public)

Sponsors:

 

Referred to:

 

March 14, 2013

A BILL TO BE ENTITLED

AN ACT to rename the government business intelligence competency center in the office of the state controller as the government data analytics center, to augment its work by codifying its Mission, powers, and duties, and to amend the revenue and motor vehicle laws to enhance the data sharing required to increase the state's business intelligence.

The General Assembly of North Carolina enacts:

SECTION 1.(a)  G.S. 20‑7(b2) reads as rewritten:

"(b2)    Disclosure of Social Security Number. – The social security number of an applicant is not a public record. The Division may not disclose an applicant's social security number except as allowed under federal law. A violation of the disclosure restrictions is punishable as provided in 42 U.S.C. § 408, and amendments to that law.

In accordance with 42 U.S.C. 405 and 42 U.S.C. 666, and amendments thereto, the Division may disclose a social security number obtained under subsection (b1) of this section only as follows:

(1)        For the purpose of administering the driver's license laws.

(2)        To the Department of Health and Human Services, Child Support Enforcement Program for the purpose of establishing paternity or child support or enforcing a child support order.

(3)        To the Department of Revenue for the purpose of verifying taxpayer identity.

(4)        To the Office of Indigent Defense Services of the Judicial Department for the purpose of verifying the identity of a represented client and enforcing a court order to pay for the legal services rendered.

(5)        To each county jury commission for the purpose of verifying the identity of deceased persons whose names should be removed from jury lists.

(6)        To the Office of the State Controller for the purposes of G.S. 143B‑426.38A."

SECTION 1.(b)  G.S. 20‑43(a) reads as rewritten:

"(a)       All records of the Division, other than those declared by law to be confidential for the use of the Division, shall be open to public inspection during office hours in accordance with G.S. 20‑43.1. A photographic image or signature recorded in any format by the Division for a drivers license or a special identification card is confidential and shall not be released except for law enforcement purposes. A photographic image recorded in any format by the Division for a drivers license or a special identification card is confidential and shall not be released except for law enforcement purposes or to the Office of the State Controller for the purposes of G.S. 143B‑426.38A."

SECTION 2.  G.S. 105‑259(b) is amended by adding a new subdivision to read:

"(44)    To furnish tax information to the Office of the State Controller under G.S. 143B‑426.38A. The use and reporting of individual data may be restricted to only those activities specifically allowed by law when potential fraud or other illegal activity is indicated."

SECTION 3.(a)  Part 28 of Article 9 of Chapter 143B of the General Statutes is amended by adding a new section to read:

"§ 143B‑426.38A.  Government Data Analytics Center; State data-sharing requirements.

(a)        State Government Data Analytics. – The State shall initiate across State agencies, departments, and institutions a data integration and data-sharing initiative that is not intended to replace transactional systems but is instead intended to leverage the data from those systems for enterprise‑level State business intelligence.

(1)        Creation of initiative. – In carrying out the purposes of this section, the Office of the State Controller shall conduct an ongoing, comprehensive evaluation of State data analytics projects and plans in order to identify data integration and business intelligence opportunities that will generate greater efficiencies in, and improved service delivery by, State agencies, departments, and institutions. The Office of the State Controller may partner with current vendors and providers to assist in the initiative. However, to limit the cost to the State, the Office of the State Controller shall use current licensing agreements wherever feasible.

(2)        Application to State government. – The initiative shall include all State agencies, departments, and institutions, including The University of North Carolina.

(3)        Governance. – The State Controller shall lead the initiative established pursuant to this section. The Chief Justice of the North Carolina Supreme Court and the Legislative Services Commission each shall designate an officer or agency to advise and assist the State Controller with respect to implementation of the initiative in their respective branches of government. The judicial and legislative branches shall fully cooperate in the initiative mandated by this section in the same manner as is required of State agencies.

(b)        Government Data Analytics Center.

(1)        GDAC established. – There is established in the Office of the State Controller the Government Data Analytics Center (GDAC). GDAC shall assume the work, purpose, and resources of the current data integration effort in the Office of the State Controller and shall otherwise advise and assist the State Controller in the management of the initiative. The State Controller shall make any organizational changes necessary to maximize the effectiveness and efficiency of GDAC.

(2)        Powers and duties of the GDAC. – The State Controller shall, through the GDAC, do all of the following:

a.         Continue and coordinate ongoing enterprise data integration efforts, including:

1.         The deployment, support, technology improvements, and expansion for CJLEADS.

2.         The pilot and subsequent phase initiative for NC FACTS.

3.         Individual‑level student data and workforce data from all levels of education and the State workforce.

4.         Other capabilities developed as part of the initiative.

b.         Identify technologies currently used in North Carolina that have the capability to support the initiative.

c.         Identify other technologies, especially those with unique capabilities, that could support the State's business intelligence effort.

d.         Compare capabilities and costs across State agencies.

e.         Ensure implementation is properly supported across State agencies.

f.          Ensure that data integration and sharing is performed in a manner that preserves data privacy and security in transferring, storing, and accessing data, as appropriate.

g.         Immediately seek any waivers and enter into any written agreements that may be required by State or federal law to effectuate data sharing and to carry out the purposes of this section.

h.         Coordinate data requirements and usage for State business intelligence applications in a manner that (i) limits impacts on participating State agencies as those agencies provide data and business knowledge expertise and (ii) assists in defining business rules so the data can be properly used.

i.          Recommend the most cost‑effective and reliable long‑term hosting solution for enterprise‑level State business intelligence as well as data integration, notwithstanding Section 6A.2(f) of S.L. 2011‑145.

(c)        Implementation of the Enterprise‑Level Business Intelligence Initiative. –

(1)        Phases of the initiative. – The initiative shall cycle through these phases on an ongoing basis:

a.         Phase I requirements. – In the first phase, the State Controller through GDAC shall:

1.         Inventory existing State agency business intelligence projects, both completed and under development.

2.         Develop a plan of action that does all of the following:

I.          Defines the program requirements, objectives, and end state of the initiative.

II.         Prioritizes projects and stages of implementation in a detailed plan and benchmarked time line.

III.       Includes the effective coordination of all of the State's current data integration initiatives.

IV.       Utilizes a common approach that establishes standards for business intelligence initiatives for all State agencies and prevents the development of projects that do not meet the established standards.

V.        Determines costs associated with the development efforts and identifies potential sources of funding.

VI.       Includes a privacy framework for business intelligence consisting of adequate access controls and end user security requirements.

VII.      Estimates expected savings.

3.         Inventory existing external data sources that are purchased by State agencies to determine whether consolidation of licenses is appropriate for the enterprise.

4.         Determine whether current, ongoing projects support the enterprise‑level objectives.

5.         Determine whether current applications are scalable or are applicable for multiple State agencies or both.

b.         Phase II requirements. – In the second phase, the State Controller through the GDAC shall:

1.         Identify redundancies and determine which projects should be discontinued.

2.         Determine where gaps exist in current or potential capabilities.

c.         Phase III requirements. – In the third phase:

1.         The State Controller through GDAC shall incorporate or consolidate existing projects, as appropriate.

2.         The State Controller shall, notwithstanding G.S. 147‑33.76 or any rules adopted pursuant thereto, eliminate redundant business intelligence projects, applications, software, and licensing.

3.         The State Controller through GDAC shall complete all necessary steps to ensure data integration in a manner that adequately protects privacy.

(2)        Commencement of projects. – The State Controller may expand existing data integration or business intelligence contracts with current data integration efforts, as appropriate, in order to implement the plan required by this section in accordance with the schedule established and the priorities developed during Phase I of the initiative and may use public‑private partnerships as appropriate to implement the plan.

(d)        Funding. The Office of the State Controller, with the support of the Office of State Budget and Management, shall identify and make all efforts to secure any matching funds or other resources to assist in funding this initiative. Savings resulting from the cancellation of projects, software, and licensing, as well as any other savings from the initiative, shall be returned to the General Fund and shall remain unexpended and unencumbered until appropriated by the General Assembly in a subsequent fiscal year. It is the intent of the General Assembly that expansion of the initiative in subsequent fiscal years be funded with these savings and that the General Assembly appropriate funds for projects in accordance with the priorities identified by the Office of the State Controller in Phase I of the initiative.

(e)        Reporting. The Office of the State Controller shall:

(1)        Submit and present quarterly reports on the implementation of Phase I of the initiative and the plan developed as part of that phase to the Chairs of the House of Representatives Appropriations and Senate Base Budget/Appropriations Committees, to the Joint Legislative Oversight Committee on Information Technology, and to the Fiscal Research Division of the General Assembly. The State Controller shall submit a report prior to implementing any improvements, expending funding for expansion of existing business intelligence efforts, or establishing other projects as a result of its evaluations, and quarterly thereafter, a written report detailing progress on, and identifying any issues associated with, State business intelligence efforts.

(2)        Report the following information as needed:

a.         Any failure of a State agency to provide information requested pursuant to this section. The failure shall be reported to the Joint Legislative Committee on Information Technology and to the Chairs of the House of Representatives Appropriations and Senate Base Budget/Appropriations Committees.

b.         Any additional information to the Joint Legislative Commission on Governmental Operations and the Joint Legislative Oversight Committee on Information Technology that is requested by those entities.

(f)         Data Sharing. –

(1)        General duties of all State agencies. – The head of each State agency, department, and institution shall do all of the following:

a.         Grant the Office of the State Controller access to all information required to develop and support State business intelligence applications pursuant to this section. The State Controller and the GDAC shall take all necessary actions and precautions, including training, certifications, background checks, and governance policy and procedure, to ensure the security, integrity, and privacy of the data in accordance with State and federal law and as may be required by contract.

b.         Provide complete information on the State agency's information technology, operational, and security requirements.

c.         Provide information on all of the State agency's information technology activities relevant to the State business intelligence effort.

d.         Forecast the State agency's projected future business intelligence information technology needs and capabilities.

e.         Ensure that the State agency's future information technology initiatives coordinate efforts with the GDAC to include planning and development of data interfaces to incorporate data into the initiative and to ensure the ability to leverage analytics capabilities.

f.          Provide technical and business resources to participate in the initiative by providing, upon request and in a timely and responsive manner, complete and accurate data, business rules and policies, and support.

g.         Identify potential resources for deploying business intelligence in their respective State agencies and as part of the enterprise‑level effort.

h.         Immediately seek any waivers and enter into any written agreements that may be required by State or federal law to effectuate data sharing and to carry out the purposes of this section, as appropriate.

(2)        Specific requirements. – The State Controller and the GDAC shall enhance the State's business intelligence through the collection and analysis of data relating to workers' compensation claims for the purpose of preventing and detecting fraud, as follows:

a.         The North Carolina Industrial Commission shall release to GDAC, or otherwise provide electronic access to, all data requested by GDAC relating to workers' compensation insurance coverage, claims, appeals, compliance, and enforcement under Chapter 97 of the General Statutes.

b.         The North Carolina Rate Bureau (Bureau) shall release to GDAC, or otherwise provide electronic access to, all data requested by GDAC relating to workers' compensation insurance coverage, claims, business ratings, and premiums under Chapter 58 of the General Statutes. The Bureau shall be immune from civil liability for releasing information pursuant to this subsection, even if the information is erroneous, provided the Bureau acted in good faith and without malicious or willful intent to harm in releasing the information.

c.         The Department of Commerce, Division of Employment Security (DES), shall release to GDAC, or otherwise provide access to, all data requested by GDAC relating to unemployment insurance coverage, claims, and business reporting under Chapter 96 of the General Statutes.

d.         The Department of Labor shall release to GDAC, or otherwise provide access to, all data requested by GDAC relating to safety inspections, wage and hour complaints, and enforcement activities under Chapter 95 of the General Statutes.

e.         The Department of Revenue shall release to GDAC, or otherwise provide access to, all data requested by GDAC relating to the registration and address information of active businesses, business tax reporting, and aggregate federal tax Form 1099 data for comparison with information from DES, the Rate Bureau, and the Department of the Secretary of State for the evaluation of business reporting. Additionally, the Department of Revenue shall furnish to the GDAC, upon request, other tax information, provided that the information furnished does not impair or violate any information-sharing agreements between the Department and the United States Internal Revenue Service. Notwithstanding any other provision of law, a determination of whether furnishing the information requested by GDAC would impair or violate any information-sharing agreements between the Department of Revenue and the United States Internal Revenue Service shall be within the sole discretion of the Secretary of the Department of Revenue. The Department of Revenue and the Office of the State Controller shall work jointly to assure that the evaluation of tax information pursuant to this subdivision is performed in accordance with applicable federal law.

(3)        All information shared with GDAC and the State Controller under this subdivision is protected from release and disclosure in the same manner as any other information is protected under this section.

(g)        Provisions on Privacy and Confidentiality of Information.

(1)        Status with respect to certain information. – The State Controller and the GDAC shall be deemed to be all of the following for the purposes of this section:

a.         With respect to criminal information, and to the extent allowed by federal law, a criminal justice agency (CJA), as defined under Criminal Justice Information Services (CJIS) Security Policy. The State CJIS Systems Agency (CSA) shall ensure that CJLEADS receives access to federal criminal information deemed to be essential in managing CJLEADS to support criminal justice professionals.

b.         With respect to health information covered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, and to the extent allowed by federal law:

1.         A business associate with access to protected health information acting on behalf of the State's covered entities in support of data integration, analysis, and business intelligence.

2.         Authorized to access and view individually identifiable health information, provided that the access is essential to the enterprise fraud, waste, and improper payment detection program or required for future initiatives having specific definable need for the data.

c.         Authorized to access all State and federal data, including revenue and labor information, deemed to be essential to the enterprise fraud, waste, and improper payment detection program or future initiatives having specific definable need for the data.

d.         Authorized to develop agreements with the federal government to access data deemed to be essential to the enterprise fraud, waste, and improper payment detection program or future initiatives having specific definable need for such data.

(2)        Release of information. – The following limitations apply to (i) the release of information compiled as part of the initiative, (ii) data from State agencies that is incorporated into the initiative, and (iii) data released as part of the implementation of the initiative:

a.         Information compiled as part of the initiative. – Notwithstanding the provisions of Chapter 132 of the General Statutes, information compiled by the State Controller and the GDAC related to the initiative may be released as a public record only if the State Controller, in that officer's sole discretion, finds that the release of information is in the best interest of the general public and is not in violation of law or contract.

b.         Data from State agencies. – Any data that is not classified as a public record under G.S. 132‑1 shall not be deemed a public record when incorporated into the data resources comprising the initiative. To maintain confidentiality requirements attached to the information provided to the State Controller and GDAC, each source agency providing data shall be the sole custodian of the data for the purpose of any request for inspection or copies of the data under Chapter 132 of the General Statutes.

c.         Data released as part of implementation. – Information released to persons engaged in implementing the State's business intelligence strategy under this section that is used for purposes other than official State business is not a public record pursuant to Chapter 132 of the General Statutes."

SECTION 3.(b)  G.S. 143B‑426.39 is amended by adding a new subdivision to read:

"(17)    Coordinate data integration and data sharing pursuant to G.S. 143B‑426.38A across State agencies, departments, and institutions to support the State's enterprise‑level business intelligence initiative."

SECTION 3.(c)  The purpose of this section is to codify provisions of Section 6A.7A of S.L. 2012‑142, and to the extent that any provision of that section conflicts with G.S. 143B‑426.38A, as enacted by this act, then the provisions of the statute shall be construed to prevail over any conflicting noncodified provisions.

SECTION 4.(a)  The Revisor of Statutes shall replace the name of the Government Business Intelligence Competency Center with the name Government Data Analytics Center wherever it is used in S.L. 2012‑142.

SECTION 4.(b)  The Revisor of Statutes shall replace the acronym GBICC with the acronym GDAC wherever it is used in S.L. 2012‑142.

SECTION 5.  This act is effective when it becomes law.

feedback