SENATE BILL REPORT

SHB 2400

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

As Reported by Senate Committee On:

Environment, Energy & Technology, February 27, 2020

Title: An act relating to privacy assessment surveys of state agencies.

Brief Description: Concerning privacy assessment surveys of state agencies.

Sponsors: House Committee on State Government & Tribal Relations (originally sponsored by Representatives Hudgins, Smith, Van Werven and Wylie).

Brief History: Passed House: 2/16/20, 96-0.

Committee Activity: Environment, Energy & Technology: 2/20/20, 2/26/20, 2/27/20 [DP, w/oRec].

Brief Summary of First Substitute Bill

Requires the Office of Privacy and Data Protection to survey all state agencies annually regarding their collection, use, and sharing of data, and their use of security measures to secure data against unauthorized access or disclosure.
Requires state agencies to complete the survey within a reasonable time.

SENATE COMMITTEE ON ENVIRONMENT, ENERGY & TECHNOLOGY

Majority Report: Do pass.

Signed by Senators Carlyle, Chair; Lovelett, Vice Chair; Sheldon, Assistant Ranking Member, Energy & Technology; Brown, Das, Hobbs, Liias, McCoy, Nguyen, Rivers, Short, Stanford and Wellman.

Minority Report: That it be referred without recommendation.

Signed by Senators Ericksen, Ranking Member; Fortunato, Assistant Ranking Member, Environment.

Staff: Angela Kleis (786-7469)

Background: The Consolidated Technology Services (CTS) agency supports state agencies as a centralized provider and procurer of information technology services. Within CTS, the Office of the Chief Information Officer (OCIO) has primary duties related to information technology for state government, which include establishing statewide enterprise architecture and standards for consistent and efficient operation. Within the OCIO, the Office of Privacy and Data Protection (OPDP) serves as a central point of contact for state agencies on policy matters involving data privacy and data protection.

The primary duties of the OPDP with respect to state agencies are to:

conduct an annual privacy review;
conduct an annual privacy training for state agencies and employees;
articulate privacy principles and best practices;
coordinate data protection in cooperation with the agency; and
participate with the state chief information officer in the review of major state agency projects involving personally identifiable information.

Summary of Bill: The annual privacy review conducted by the OPDP must include a survey of all state agencies regarding their collection, use, and sharing of data, and their use of security measures to secure data against unauthorized access or disclosure.

State agencies are required to complete the survey within a reasonable time. Agencies may request assistance from the OPDP in completing the assessment.

Appropriation: None.

Fiscal Note: Available.

Creates Committee/Commission/Task Force that includes Legislative members: No.

Effective Date: Ninety days after adjournment of session in which bill is passed.

Staff Summary of Public Testimony: None.

Persons Testifying: No one.

Persons Signed In To Testify But Not Testifying: No one.