SENATE HEALTH AND PUBLIC AFFAIRS COMMITTEE SUBSTITUTE FOR

SENATE BILL 452

56th legislature - STATE OF NEW MEXICO - first session, 2023

 

 

 

 

 

 

 

AN ACT

RELATING TO BROADBAND; AMENDING, REPEALING AND ENACTING SECTIONS OF THE DEPARTMENT OF INFORMATION TECHNOLOGY ACT; AUTHORIZING THE LEASE OR SALE OF BROADBAND INFRASTRUCTURE AND THE PROVISION OF CYBERSECURITY, INFORMATION TECHNOLOGY AND TELECOMMUNICATION NETWORK SERVICES; PROVIDING FOR ADMINISTRATIVE HEARINGS; CLARIFYING THE BASES FOR SOME SERVICE RATES; PROVIDING DEFINITIONS; AMENDING SECTIONS OF THE BROADBAND ACCESS AND EXPANSION ACT; REQUIRING REPORTING BY SOME INTERNET SERVICE PROVIDERS; ESTABLISHING CONDITIONS FOR LEASE OF THE STATE-OWNED BROADBAND NETWORK.

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF NEW MEXICO:

     SECTION 1. Section 9-27-3 NMSA 1978 (being Laws 2007, Chapter 290, Section 3, as amended) is amended to read:

     "9-27-3. DEFINITIONS.--As used in the Department of Information Technology Act:

          A. "agency", unless otherwise specified, means executive branch cabinet agencies and their administratively attached agencies, offices, boards and commissions;

          B. "cybersecurity" means acts, practices or systems that eliminate or reduce the risk of loss of critical assets, loss of sensitive information or reputational harm as a result of a cyberattack or breach within an organization's telecommunication network;

          [A.] C. "department" means the department of information technology;

          [B.] D. "information technology" means computer hardware, [and software and ancillary products and services, including:

                (1) systems design and analysis;

                (2) acquisition, storage and conversion of data;

                (3) computer programming;

                (4) information storage and retrieval;

                (5) voice, radio, video and data communications;

                (6) requisite systems;

                (7) simulation and testing; and

                (8) related interactions between users and information systems] storage media, networking equipment, physical devices, infrastructure, processes and code, firmware, software and ancillary products and services, including:

                (1) systems design and analysis;

                (2) development or modification of hardware or solutions used to create, process, store, secure or exchange electronic data;

                (3) information storage and retrieval systems;

                (4) voice, radio, video and data communication systems;

                (5) network, hosting and cloud-based systems;

                (6) simulation and testing; and

                (7) interactions between a user and an information system;

          [C.] E. "information technology project" means the purchase, replacement, development or modification of a hardware or software system;

          [D.] F. "secretary" means the secretary of information technology;

          [E.] G. "state information architecture" means a logically consistent set of principles, policies and standards that guides the engineering of state government's information technology systems and infrastructure in a way that ensures alignment with state government's business needs;

          [F.] H. "state information technology strategic plan" means the information technology planning document for the state that spans a three-year period; and

          [G.] I. "telecommunication network" means the physical and logical components and all associated infrastructure used in transporting, routing, aggregating and delivering voice and data information from computer and telecommunications systems in one location to peer systems in another."

     SECTION 2. Section 9-27-6 NMSA 1978 (being Laws 2007, Chapter 290, Section 6, as amended by Laws 2017, Chapter 7, Section 2 and by Laws 2017, Chapter 45, Section 2) is amended to read:

     "9-27-6. SECRETARY--DUTIES AND GENERAL POWERS.--

          A. The secretary is responsible to the governor for the operation of the department. It is the secretary's duty to manage all operations of the department and to administer and enforce the laws with which the secretary or the department is charged.

          B. To perform the secretary's duties, the secretary has every power expressly enumerated in the laws, whether granted to the secretary or the department or any division of the department, except where authority conferred upon any division is explicitly exempted from the secretary's authority by statute. In accordance with these provisions, the secretary shall:

                (1) exercise general supervisory and appointing authority over all department employees, subject to any applicable personnel laws and regulations;

                (2) delegate authority to subordinates as the secretary deems necessary and appropriate, clearly delineating such delegated authority and the limitations thereto;

                (3) organize the department into those organizational units the secretary deems will enable it to function most efficiently, subject to provisions of law requiring or establishing specific organizational units;

                (4) within the limitations of available appropriations and applicable laws, employ and fix the compensation of those persons necessary to discharge the secretary's duties;

                (5) take administrative action by issuing orders and instructions, not inconsistent with the law, to ensure implementation of and compliance with the provisions of law for whose administration or execution the secretary is responsible and to enforce those orders and instructions by appropriate administrative action in the courts;

                (6) conduct research and studies that will improve the operations of the department and the provision of services to state agencies and the residents of the state;

                (7) provide courses of instruction and practical training for employees of the department and other persons involved in the administration of programs with the objective of improving the operations and efficiency of administration;

                (8) prepare an annual budget of the department;

                (9) provide cooperation, at the request of heads of administratively attached agencies, in order to:

                     (a) minimize or eliminate duplication of services and jurisdictional conflicts;

                     (b) coordinate activities and resolve problems of mutual concern; and

                     (c) resolve by agreement the manner and extent to which the department shall provide budgeting, recordkeeping and related clerical assistance to administratively attached agencies; [and]

                (10) appoint for each division a "director". These appointed positions are exempt from the provisions of the Personnel Act. Persons appointed to these positions shall serve at the pleasure of the secretary; and

                (11) acquire, hold and maintain, through lease, trade or purchase, any real or personal property necessary to meet customer requirements or department obligations, including obligations of administratively attached offices or bodies.

          C. As the chief information officer, the secretary shall:

                (1) review executive agency plans regarding prudent allocation of information technology resources; reduction of duplicate or redundant data, hardware and software; and improvement of system interoperability and data accessibility among agencies;

                (2) approve executive agency information technology requests for proposals and other executive agency requests that are subject to the Procurement Code, prior to final approval;

                (3) promulgate rules for oversight of information technology procurement;

                (4) approve executive agency information technology contracts and amendments to those contracts, including emergency procurements, sole source contracts and price agreements, prior to approval by the department of finance and administration;

                (5) develop and implement procedures to standardize data elements, determine data ownership and ensure data sharing among executive agencies;

                (6) verify compliance with state information architecture and the state information technology strategic plan before approving documents referred to in Paragraphs (2) and (4) of this subsection;

                (7) monitor executive agency compliance with its agency plan, the state information technology strategic plan and state information architecture and report to the governor, executive agency management and the legislative finance committee on noncompliance;

                (8) develop information technology cost recovery mechanisms and information systems rate and fee structures of state agencies and other public or private sector providers and make recommendations to the information technology rate committee;

                (9) provide technical support to executive agencies in the development of their agency plans;

                (10) ensure the use of existing public or private information technology or telecommunications resources when the use is practical, efficient, effective and financially prudent and is in compliance with the Procurement Code;

                (11) review appropriation requests related to executive agency information technology requests to ensure compliance with agency plans and the state information technology strategic plan and make written recommendations by November 14 of each year to the department of finance and administration and by November 21 of each year to the legislative finance committee and the appropriate interim legislative committee; provided, however, that the recommendations to the legislative committees have been agreed to by the department of information technology and the department of finance and administration;

                 (12) promulgate rules to ensure that information technology projects satisfy criteria established by the secretary and are phased in with funding released in phases contingent upon successful completion of the prior phase;

                (13) provide oversight of information technology projects, including ensuring adequate risk management, disaster recovery and business continuity practices and monitoring compliance with strategies for information technology projects that affect multiple agencies;

                (14) conduct reviews of information technology projects and provide written reports to the appropriate legislative oversight bodies;

                (15) conduct background checks on department employees and prospective department employees that have or will have administrative access or authority to sensitive, confidential or private information or the ability to alter systems, networks or other information technology hardware or software; and

                (16) perform any other information technology function assigned by the governor.

          D. As the chief information officer, the secretary may:

                (1) upon the advice and recommendation of the director of the office of broadband access and expansion pursuant to the provisions of the Broadband Access and Expansion Act, make available by lease or sale at the department's established rates on a competitively neutral basis such state-owned broadband network infrastructure or internet service that would con