Laws of North Carolina (Last Updated: May 12, 2015) |
Chapter143B. Executive Organization Act of 1973. |
Article9. Department of Administration |
Part28. Office of the State Controller |
§143B-426.38A. Government Data Analytics Center; State data-sharing requirements
-
(a) State Government Data Analytics. - The State shall initiate across State agencies, departments, and institutions a data integration and data-sharing initiative that is not intended to replace transactional systems but is instead intended to leverage the data from those systems for enterprise-level State business intelligence as follows:
(1) Creation of initiative. - In carrying out the purposes of this section, the Office of the State Chief Information Officer (CIO) shall conduct an ongoing, comprehensive evaluation of State data analytics projects and plans in order to identify data integration and business intelligence opportunities that will generate greater efficiencies in, and improved service delivery by, State agencies, departments, and institutions. The State CIO shall continue to utilize public-private partnerships and existing data integration and analytics contracts and licenses as appropriate to continue the implementation of the initiative.
(2) Application to State government. - The initiative shall include all State agencies, departments, and institutions, including The University of North Carolina.
(3) Governance. - The State CIO shall lead the initiative established pursuant to this section. The Chief Justice of the North Carolina Supreme Court and the Legislative Services Commission each shall designate an officer or agency to advise and assist the State CIO with respect to implementation of the initiative in their respective branches of government. The judicial and legislative branches shall fully cooperate in the initiative mandated by this section in the same manner as is required of State agencies.
(b) Government Data Analytics Center. -
(1) GDAC established. - There is established in the Office of the State CIO the Government Data Analytics Center (GDAC). GDAC shall continue the work, purpose, and resources of the previous data integration effort in the Office of the State Controller and shall otherwise advise and assist the State CIO in the management of the initiative. The State CIO shall make any organizational changes necessary to maximize the effectiveness and efficiency of GDAC.
(2) Powers and duties of the GDAC. - The State CIO shall, through the GDAC, do all of the following:
a. Continue and coordinate ongoing enterprise data integration efforts, including:
1. The deployment, support, technology improvements, and expansion for the Criminal Justice Law Enforcement Automated Data System (CJLEADS).
2. The pilot and subsequent phase initiative for the North Carolina Financial Accountability and Compliance Technology System (NCFACTS).
3. Individual-level student data and workforce data from all levels of education and the State workforce.
4. Other capabilities developed as part of the initiative.
b. Identify technologies currently used in North Carolina that have the capability to support the initiative.
c. Identify other technologies, especially those with unique capabilities, that could support the State's business intelligence effort.
d. Compare capabilities and costs across State agencies.
e. Ensure implementation is properly supported across State agencies.
f. Ensure that data integration and sharing is performed in a manner that preserves data privacy and security in transferring, storing, and accessing data, as appropriate.
g. Immediately seek any waivers and enter into any written agreements that may be required by State or federal law to effectuate data sharing and to carry out the purposes of this section.
h. Coordinate data requirements and usage for State business intelligence applications in a manner that (i) limits impacts on participating State agencies as those agencies provide data and business knowledge expertise and (ii) assists in defining business rules so the data can be properly used.
i. Recommend the most cost-effective and reliable long-term hosting solution for enterprise-level State business intelligence as well as data integration, notwithstanding Section 6A.2(f) of S.L. 2011-145.
(c) Implementation of the Enterprise-Level Business Intelligence Initiative. -
(1) Phases of the initiative. - The initiative shall cycle through these phases on an ongoing basis as follows:
a. Phase I requirements. - In the first phase, the State CIO through GDAC shall:
1. Inventory existing State agency business intelligence projects, both completed and under development.
2. Develop a plan of action that does all of the following:
I. Defines the program requirements, objectives, and end state of the initiative.
II. Prioritizes projects and stages of implementation in a detailed plan and benchmarked time line.
III. Includes the effective coordination of all of the State's current data integration initiatives.
IV. Utilizes a common approach that establishes standards for business intelligence initiatives for all State agencies and prevents the development of projects that do not meet the established standards.
V. Determines costs associated with the development efforts and identifies potential sources of funding.
VI. Includes a privacy framework for business intelligence consisting of adequate access controls and end user security requirements.
VII. Estimates expected savings.
3. Inventory existing external data sources that are purchased by State agencies to determine whether consolidation of licenses is appropriate for the enterprise.
4. Determine whether current, ongoing projects support the enterprise-level objectives.
5. Determine whether current applications are scalable or are applicable for multiple State agencies or both.
b. Phase II requirements. - In the second phase, the State CIO through the GDAC shall:
1. Identify redundancies and recommend to the General Assembly any projects that should be discontinued.
2. Determine where gaps exist in current or potential capabilities.
c. Phase III requirements. - In the third phase:
1. The State CIO through GDAC shall incorporate or consolidate existing projects, as appropriate.
2. The State CIO shall, notwithstanding G.S. 147-33.76 or any rules adopted pursuant thereto, eliminate redundant business intelligence projects, applications, software, and licensing.
3. The State CIO through GDAC shall complete all necessary steps to ensure data integration in a manner that adequately protects privacy.
(2) Project management. - The State CIO shall ensure that all current and new business intelligence/data analytics projects are in compliance with all State laws, policies, and rules pertaining to information technology procurement, project management, and project funding and that they include quantifiable and verifiable savings to the State. The State CIO shall report to the Joint Legislative Oversight Committee on Information Technology on projects that are not achieving projected savings. The report shall include a proposed corrective action plan for the project.
The Office of the State CIO, with the assistance of the Office of State Budget and Management, shall identify potential funding sources for expansion of existing projects or development of new projects. No GDAC project shall be initiated, extended, or expanded:
a. Without the specific approval of the General Assembly unless the project can be implemented within funds appropriated for GDAC projects.
b. Without prior consultation to the Joint Legislative Commission on Governmental Operations and a report to the Joint Legislative Oversight Committee on Information Technology if the project can be implemented within funds appropriated for GDAC projects.
(d) Funding. - The Office of the State CIO, with the support of the Office of State Budget and Management, shall identify and make all efforts to secure any matching funds or other resources to assist in funding this initiative. Savings resulting from the cancellation of projects, software, and licensing, as well as any other savings from the initiative, shall be returned to the General Fund and shall remain unexpended and unencumbered until appropriated by the General Assembly in a subsequent fiscal year. It is the intent of the General Assembly that expansion of the initiative in subsequent fiscal years be funded with these savings and that the General Assembly appropriate funds for projects in accordance with the priorities identified by the Office of the State CIO in Phase I of the initiative.
(d1) Repealed by Session Laws 2014-100, s. 7.6(a), effective July 1, 2014.
(e) Reporting. - The Office of the State CIO shall:
(1) Submit and present quarterly reports on the implementation of Phase I of the initiative and the plan developed as part of that phase to the Chairs of the House of Representatives Appropriations and Senate Base Budget/Appropriations Committees, to the Joint Legislative Oversight Committee on Information Technology, and to the Fiscal Research Division of the General Assembly. The State CIO shall submit a report prior to implementing any improvements, expending funding for expansion of existing business intelligence efforts, or establishing other projects as a result of its evaluations, and quarterly thereafter, a written report detailing progress on, and identifying any issues associated with, State business intelligence efforts.
(2) Report the following information as needed:
a. Any failure of a State agency to provide information requested pursuant to this section. The failure shall be reported to the Joint Legislative Oversight Committee on Information Technology and to the Chairs of the House of Representatives Appropriations and Senate Base Budget/Appropriations Committees.
b. Any additional information to the Joint Legislative Commission on Governmental Operations and the Joint Legislative Oversight Committee on Information Technology that is requested by those entities.
(f) Data Sharing. -
(1) General duties of all State agencies. - Except as limited or prohibited by federal law, the head of each State agency, department, and institution shall do all of the following:
a. Grant the Office of the State CIO access to all information required to develop and support State business intelligence applications pursuant to this section. The State CIO and the GDAC shall take all necessary actions and precautions, including training, certifications, background checks, and governance policy and procedure, to ensure the security, integrity, and privacy of the data in accordance with State and federal law and as may be required by contract.
b. Provide complete information on the State agency's information technology, operational, and security requirements.
c. Provide information on all of the State agency's information technology activities relevant to the State business intelligence effort.
d. Forecast the State agency's projected future business intelligence information technology needs and capabilities.
e. Ensure that the State agency's future information technology initiatives coordinate efforts with the GDAC to include planning and development of data interfaces to incorporate data into the initiative and to ensure the ability to leverage analytics capabilities.
f. Provide technical and business resources to participate in the initiative by providing, upon request and in a timely and responsive manner, complete and accurate data, business rules and policies, and support.
g. Identify potential resources for deploying business intelligence in their respective State agencies and as part of the enterprise-level effort.
h. Immediately seek any waivers and enter into any written agreements that may be required by State or federal law to effectuate data sharing and to carry out the purposes of this section, as appropriate.
(2) Specific requirements. - The State CIO and the GDAC shall enhance the State's business intelligence through the collection and analysis of data relating to workers' compensation claims for the purpose of preventing and detecting fraud, as follows:
a. The North Carolina Industrial Commission shall release to GDAC, or otherwise provide electronic access to, all data requested by GDAC relating to workers' compensation insurance coverage, claims, appeals, compliance, and enforcement under Chapter 97 of the General Statutes.
b. The North Carolina Rate Bureau (Bureau) shall release to GDAC, or otherwise provide electronic access to, all data requested by GDAC relating to workers' compensation insurance coverage, claims, business ratings, and premiums under Chapter 58 of the General Statutes. The Bureau shall be immune from civil liability for releasing information pursuant to this subsection, even if the information is erroneous, provided the Bureau acted in good faith and without malicious or willful intent to harm in releasing the information.
c. The Department of Commerce, Division of Employment Security (DES), shall release to GDAC, or otherwise provide access to, all data requested by GDAC relating to unemployment insurance coverage, claims, and business reporting under Chapter 96 of the General Statutes.
d. The Department of Labor shall release to GDAC, or otherwise provide access to, all data requested by GDAC relating to safety inspections, wage and hour complaints, and enforcement activities under Chapter 95 of the General Statutes.
e. The Department of Revenue shall release to GDAC, or otherwise provide access to, all data requested by GDAC relating to the registration and address information of active businesses, business tax reporting, and aggregate federal tax Form 1099 data for comparison with information from DES, the Rate Bureau, and the Department of the Secretary of State for the evaluation of business reporting. Additionally, the Department of Revenue shall furnish to the GDAC, upon request, other tax information, provided that the information furnished does not impair or violate any information-sharing agreements between the Department and the United States Internal Revenue Service. Notwithstanding any other provision of law, a determination of whether furnishing the information requested by GDAC would impair or violate any information-sharing agreements between the Department of Revenue and the United States Internal Revenue Service shall be within the sole discretion of the State Chief Information Officer. The Department of Revenue and the Office of the State CIO shall work jointly to assure that the evaluation of tax information pursuant to this subdivision is performed in accordance with applicable federal law.
(3) All information shared with GDAC and the State CIO under this subdivision is protected from release and disclosure in the same manner as any other information is protected under this section.
(g) Provisions on Privacy and Confidentiality of Information.
(1) Status with respect to certain information. - The State CIO and the GDAC shall be deemed to be all of the following for the purposes of this section:
a. With respect to criminal information, and to the extent allowed by federal law, a criminal justice agency (CJA), as defined under Criminal Justice Information Services (CJIS) Security Policy. The State CJIS Systems Agency (CSA) shall ensure that CJLEADS receives access to federal criminal information deemed to be essential in managing CJLEADS to support criminal justice professionals.
b. With respect to health information covered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, and to the extent allowed by federal law:
1. A business associate with access to protected health information acting on behalf of the State's covered entities in support of data integration, analysis, and business intelligence.
2. Authorized to access and view individually identifiable health information, provided that the access is essential to the enterprise fraud, waste, and improper payment detection program or required for future initiatives having specific definable need for the data.
c. Authorized to access all State and federal data, including revenue and labor information, deemed to be essential to the enterprise fraud, waste, and improper payment detection program or future initiatives having specific definable need for the data.
d. Authorized to develop agreements with the federal government to access data deemed to be essential to the enterprise fraud, waste, and improper payment detection program or future initiatives having specific definable need for such data.
(2) Release of information. - The following limitations apply to (i) the release of information compiled as part of the initiative, (ii) data from State agencies that is incorporated into the initiative, and (iii) data released as part of the implementation of the initiative:
a. Information compiled as part of the initiative. - Notwithstanding the provisions of Chapter 132 of the General Statutes, information compiled by the State CIO and the GDAC related to the initiative may be released as a public record only if the State CIO, in that officer's sole discretion, finds that the release of information is in the best interest of the general public and is not in violation of law or contract.
b. Data from State agencies. - Any data that is not classified as a public record under G.S. 132-1 shall not be deemed a public record when incorporated into the data resources comprising the initiative. To maintain confidentiality requirements attached to the information provided to the State CIO and GDAC, each source agency providing data shall be the sole custodian of the data for the purpose of any request for inspection or copies of the data under Chapter 132 of the General Statutes.
c. Data released as part of implementation. - Information released to persons engaged in implementing the State's business intelligence strategy under this section that is used for purposes other than official State business is not a public record pursuant to Chapter 132 of the General Statutes.
d. Data from North Carolina Rate Bureau. - Notwithstanding any other provision of this section, any data released by or obtained from the North Carolina Rate Bureau under this initiative relating to workers' compensation insurance claims, business ratings, or premiums are not public records and public disclosure of such data, in whole or in part, by the GDAC or State CIO, or by any State agency, is prohibited.
(h) Definition/Additional Requirements. - For the purposes of this section, the term "business intelligence (BI)" means the process of collecting, organizing, sharing, and analyzing data through integrated data management, reporting, visualization, and advanced analytics to discover patterns and other useful information that will allow policymakers and State officials to make more informed decisions. The term also includes (i) broad master data management capabilities such as data integration, data quality and enrichment, data governance, and master data management to collect, reference, and categorize information from multiple sources and (ii) self-service query and reporting capabilities to provide timely, relevant, and actionable information to business users delivered through a variety of interfaces, devices, or applications based on their specific roles and responsibilities. All State agency business intelligence requirements, including any planning or development efforts associated with creating BI capability, as well as any master data management efforts, shall be implemented through GDAC. The State Chief Information Officer shall ensure that State agencies use the GDAC for agency business intelligence requirements.