Washington State

House of Representatives

Office of Program Research

BILL

ANALYSIS

Gen Govt & Info Tech Committee

HB 1008

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

Brief Description: Authorizing the state auditor to conduct audits of state government and local agencies' data storage and management practices thereby protecting privacy and securing personal information from computer hacking or misuse of data.

Sponsors: Representatives Smith, Hudgins, Hayes, Stanford, Moeller, Magendanz and Buys.

Brief Summary of Bill

  • Authorizes the State Auditor to conduct audits of a state or local agency's data management and storage practices.

  • Requires state agencies and local governments to report computer breaches to the State Auditor.

Hearing Date: 1/30/15

Staff: Marsha Reilly (786-7135).

Background:

The State Auditor (Auditor) is authorized to audit public accounts, investigate improper governmental activity, request prosecutions of wrongdoings, and report to the Director of the Office of Financial Management the names of persons who have received moneys belonging to the state that are not accounted for. The Auditor may also conduct independent, comprehensive performance audits of public agencies.

In December 2014, the Auditor released a report of a performance audit of the state's information technology security, including data security, network security, access security, application security, and operations management. The audit revealed that the agencies audited were not in full compliance with security standards.

Summary of Bill:

The Auditor is authorized, at his or her discretion, or when there is reasonable cause to believe that a misuse or inappropriate management of citizen data has occurred, to conduct an audit of a state or local agency's data management and storage practices. State agencies and local governments are required to immediately report computer breaches to the Auditor.

Appropriation: None.

Fiscal Note: Available.

Effective Date: The bill takes effect 90 days after adjournment of the session in which the bill is passed.