Report Title:

Information Security

Description:

Requires the department of accounting and general services to establish a statewide information security protection program.

HOUSE OF REPRESENTATIVES

H.B. NO.

2836

TWENTY-THIRD LEGISLATURE, 2006

 

STATE OF HAWAII

 


 

A BILL FOR AN ACT

 

RELATING TO INFORMATION SECURITY.

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

SECTION 1. Section 26-6, Hawaii Revised Statutes, is amended to read as follows:

"§26-6 Department of accounting and general services. (a) The department of accounting and general services shall be headed by a single executive to be known as the comptroller.

(b) The department shall:

(1) Preaudit and conduct after-the-fact audits of the financial accounts of all state departments to determine the legality of expenditures and the accuracy of accounts;

(2) Report to the governor and to each regular session of the legislature as to the finances of each department of the State;

(3) Administer the state risk management program;

(4) Establish and manage motor pools;

(5) Manage the preservation and disposal of all records of the State;

(6) Undertake the program of centralized engineering and office leasing services, including operation and maintenance of public buildings, for departments of the State;

(7) Undertake the functions of the state surveyor;

(8) Establish accounting and internal control systems;

(9) Provide centralized computer information management and processing services, coordination in the use of all information processing equipment, software, facilities, and services in the executive branch of the State, and consultation and support services in the use of information processing and management technologies to improve the efficiency, effectiveness, and productivity of state government programs; and

(10) Establish, coordinate, and manage a program to provide a means for public access to public information and develop and operate an information network in conjunction with its overall plans for establishing a communication backbone for state government.

(c) The state communication system shall be established to:

(1) Facilitate implementation of the State's distributed information processing and information resource management plans;

(2) Improve data, voice, and video communications in state government;

(3) Provide a means for connectivity among the state, university, and county computer systems; and

(4) Provide a long-term means for public access to public information.

(d) The department may adopt rules as may be necessary or desirable for the operation and maintenance of public buildings, and for the operation and implementation of a program to provide a means for public access to the State's information network system and public information. The rules shall be adopted pursuant to chapter 91.

(e) The King Kamehameha celebration commission shall be placed within the department of accounting and general services for administrative purposes. The functions, duties, and powers, subject to the administrative control of the comptroller, and the composition of the commission shall be as heretofore provided by law.

(f) The functions and authority heretofore exercised by the comptroller, board of commissioners of public archives, the archivist, the disposal committee, and the insurance management, surplus property management, and central purchasing functions of the bureau of the budget and the nonhighway functions of the department of public works as heretofore constituted are transferred to the department of accounting and general services established by this chapter.

(g) The department shall also develop no later than January 1, 2007, a statewide information security protection program, to be implemented by the other departments, that is commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of either information collected or maintained by or on behalf of each department or information systems used or operated by each department. The department shall update the program on no later than an annual basis.

The department shall also establish policies and procedures for all departments that cost-effectively reduce information security risks to acceptable levels and ensure that information security is addressed throughout the life cycle of each department's information system."

SECTION 2. There is appropriated out of the general revenues of the State of Hawaii the sum of $ , or so much thereof as may be necessary for fiscal year 2006-2007, to establish the information security protection program established under this Act.

SECTION 3. The sum appropriated shall be expended by the department of accounting and general services for the purposes of this Act.

SECTION 4. New statutory material is underscored.

SECTION 5. This Act shall take effect on July 1, 2006.

INTRODUCED BY:

_____________________________