IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Pennsylvania Legislation Looks to Codify State IT Office

If passed by the state’s Legislature, the proposal would cement the Office of Information Technology within the Office of Administration – formalizing in law what started as an executive order in 2004.

Pennsylvania Capitol
Pennsylvania Capitol
Shutterstock/Jon Bilous
Pennsylvania lawmakers have proposed a bill to codify the state’s Office of Information Technology within the Governor’s Office of Administration.

The office has operated within the Office of Administration (OA) through an executive order since 2004.

According to state CIO John MacMillan, “SB 482 is the latest version of legislation that has been introduced in recent years to codify the office and certain responsibilities into statute.”

“OA has met with members of the General Assembly and testified at multiple hearings about the proposed legislation,” MacMillan said via email. “We are committed to continuous improvement in the delivery of information technology services to the agencies we support.”

Sen. Kristin Phillips-Hill explained that security concerns were the origin of this iteration of the bill. In July, the state suffered a data breach involving Insight Global, a third-party vendor responsible for COVID-19 tracing on behalf of the state’s Department of Health.

“We had no idea it even happened,” Phillips-Hill said. “It turns out people’s sensitive information was on Google spreadsheets just floating around on the Internet.”

Some of that sensitive information included individuals’ COVID-19 statuses, counties of residence, gender identities, age, date of birth and other personal health information.

In addition to security concerns, modernizing the state’s IT system and operations would also be addressed within the bill.

“What we have proposed to do is to update and modernize our state’s full IT system, instead of what we have come to learn is more of a siloed or piecemeal approach where every agency gets a set amount of money and spends it as they see fit,” Phillips-Hill said.

Overall, she said, the legislation will put in place measures that will continue to improve state IT while protecting citizens’ sensitive information. But the legislation might also protect the IT office from politically motivated changes.

“It’s not one size fits all,” said Center for Digital Government* Executive Director Teri Takai. “The challenge with an executive order is that a new administration coming in can either decide to override that executive order or write another executive order, which means for the legislature that it almost becomes at the whim of the governor’s office.”

On the flip side, if the office is enforced via statute, things can still be changed, but it would require a legislative vote, essentially making the office more difficult to eliminate.

Takai also pointed to the visibility and decision-making authority that comes with reporting directly to the governor.

“The big pros of having it report to the governor is that it’s got direct visibility,” Takai said. “If the governor’s office is interested in technology, it gives that chief information officer more standing.”

The bill was re-referred to the Senate Appropriations Committee in November.

*The Center for Digital Government is part of e.Republic, Government Technology’s parent company.

Editor's note: This story has been changed to more accurately reflect the language of the legislation.
Katya Diaz is a staff writer for Government Technology. She has a bachelor’s degree in journalism and a master’s degree in global strategic communications from Florida International University.