2015 Utah Code
Title 63F - Utah Technology Governance Act
Chapter 2 - Data Security Management Council
Section 102 - Data Security Management Council -- Membership -- Duties.

Effective 5/12/2015
63F-2-102. Data Security Management Council -- Membership -- Duties.

• (1) There is created the Data Security Management Council composed of nine members as follows:
  • (a) the chief information officer appointed under Section 63F-1-201, or the chief information officer's designee;
  • (b) one individual appointed by the governor;
  • (c) one individual appointed by the speaker of the House of Representatives and the president of the Senate from the Legislative Information Technology Steering Committee; and
  • (d) the highest ranking information technology official, or the highest ranking information technology official's designee, from each of:
    • (i) the Judicial Council;
    • (ii) the State Board of Regents;
    • (iii) the State Office of Education;
    • (iv) the Utah College of Applied Technology;
    • (v) the State Tax Commission; and
    • (vi) the Office of the Attorney General.

• (2) The council shall elect a chair of the council by majority vote.

• (3)
  • (a) A majority of the members of the council constitutes a quorum.
  • (b) Action by a majority of a quorum of the council constitutes an action of the council.

• (4) The Department of Technology Services shall provide staff to the council.

• (5) The council shall meet monthly, or as often as necessary, to:
  • (a) review existing state government data security policies;
  • (b) assess ongoing risks to state government information technology;
  • (c) create a method to notify state and local government entities of new risks;
  • (d) coordinate data breach simulation exercises with state and local government entities; and
  • (e) develop data security best practice recommendations for state government that include recommendations regarding:
    • (i) hiring and training a chief information security officer for each government entity;
    • (ii) continuous risk monitoring;
    • (iii) password management;
    • (iv) using the latest technology to identify and respond to vulnerabilities;
    • (v) protecting data in new and old systems; and
    • (vi) best procurement practices.

• (6) A member who is not a member of the Legislature may not receive compensation or benefits for the member's service but may receive per diem and travel expenses as provided in:
  • (a) Section 63A-3-106;
  • (b) Section 63A-3-107; and
  • (c) rules made by the Division of Finance under Sections 63A-3-106 and 63A-3-107.

Enacted by Chapter 371, 2015 General Session