IT Legislative Lookback: Where Are They Now?

Supposition about upcoming tech legislation is one thing, but looking back at which bills are succeeding and which aren't paints an interesting picture of just where states stand on big IT issues.

At Government Technology, we talk a fair amount about what is coming around the legislative corner in states around the country. While some of the proposals we focus on succeed and ultimately become law, others wither and die on the vine.

From preparing for the seemingly inevitable onslaught of autonomous vehicles on U.S. roadways to reworking the physical structure of state IT agencies, lawmakers use their proposals to highlight what they see as important priorities.   

Looking back at the landscape and taking stock of these successes and failures can be a good indicator of the overall health of a state’s IT environment. In this retrospective piece, you’ll find the status of many of the bills we looked at earlier in 2017.

Autonomous Vehicle Testing on California Roads:
California Senate Bill 145 aims to amend the state’s vehicle code to streamline the application process for autonomous vehicle (AV) testing. The bill would eliminate the requirement for the Department of Motor Vehicles to notify the Legislature upon receipt of AV testing application on public roadways. Additionally, the proposal eliminates the 180-day delay of the application prior to approval. As it currently stands, the bill passed, as of May 4, and is being reviewed by the Assembly’s Committee on Transportation, as of May 18. A similar bill in the Assembly, Assembly Bill 87, seems to have lost steam as of March 20.

Like California, lawmakers in Texas have been eyeing AV testing on public roadways throughout the state. On May 20 the House tentatively approved legislation that would allow manufacturers to test driverless vehicles on public roads with the requirement they meet federal and state safety standards and carry liability insurance.  

Privacy and Security in Washington: In Washington, House Bill 1421 was proposed as a means to remove sensitive payment information from state data systems. Under the proposal, payment information would need to be handled and retained by a third party. The effort, which was reintroduced via resolution April 24, was returned to the House Rules Committee for a third reading. If successful, agencies currently storing payment data would have until July 1, 2020, to remove applicable data from state systems. The last day of the regular legislative session was April 23; the special session convened April 24.

Alabama IT Gains Autonomy:
Senate Bill 219 brought Alabama’s Office of Information Technology (OIT) out from under the umbrella of the state’s Department of Finance. After some coordination between OIT Secretary Joanne Hale and her finance counterparts, the IT agency was granted autonomy May 9 when Gov. Kay Ivey signed the bill into law. While the change doesn’t come with a host of new power, it represents what Hale described to Government Technology as part of the evolution process of state IT. The newly minted law will officially go into effect Oct. 1, 2017, though the agency has already been operating under its new charge for the last several months through an interagency agreement.

Florida IT Agency Escapes Legislative Assault to Autonomy: House Bill 5301 was launched out of a House subcommittee in late March, with the intention of kneecapping and rebranding the Agency for State Technology (AST). The proposal not only would have taken away the IT agency’s authority over the state’s data center, but also would have crippled the enterprise structure, allowing data center customer agencies to unilaterally move to cloud solutions. Though state officials and industry leaders spoke out against the proposal — spearheaded by Rep. Blaise Ingoglia, R-District 35 — it moved along the legislative process tied to the state’s budget. After some negotiation, AST was able to solidify its funding, saving it from the legislative assault. The attempt to restructure and/or defund the agency is just one of a handful of attempts in recent years.   

Private-Public Partnerships in Montana: Efforts to codify new rules around public-private partnerships throughout the state fell short after Senate Bill 335 failed on April 28. The proposal would have opened the door to the use of the partnerships as an alternative means to other procurement methods through state and local government. Though the legislation would have allowed public-private partnerships in a number of arenas, it would have also allowed state and local entities to pursue tech-centric projects. The legislation was initially proposed in November 2016. The last day of the legislative session was April 27.

Reduced Barriers for Telemedicine in Texas: A bill reducing the restrictions on telemedicine passed the Texas Legislature May 18. Senate Bill 1107 allows medical professionals to establish the doctor-patient relationship via electronic/audiovisual means, while holding them to the same standards as an in-person encounter. Under the legislation, the requirement that approval is sought before telemedicine services can be reimbursed has been removed, as has the stipulation that a so-called "telepresenter" be present with the patient at the time of the appointment. The governor is expected to sign the legislation.  

Getting Tougher on Cybercrime: In Texas, House Bill 9, which would stiffen penalties around malicious disruption of computer networks, is with the Senate awaiting a vote after passing in the House April 13. Under the terms of the proposal, felony sentences could be applied to network disruption and the use of malware or ransomware for profit. 

Though similar in overall objective, Vermont’s House Bill 474, has not moved since Feb. 24. Like Texas’ version, the bill aimed to stiffen the penalties associated with cybercrime. 

Minnesota’s slightly more focused anti-cybercrime proposal, HB 817, would have applied incremental penalties to hackers interfering with point-of-sale terminals, ATMs and gas pumps. The last action on the legislation was March 9, when amendments were made and it was rereferred to the Committee on Public Safety and Security Policy and Finance for review.

Washington Codifies Biometrics Laws: Gov. Jay Inslee signed two pieces of legislation relating to biometric identifiers on May 16. Under House Bill 1493, companies must receive consent before being allowed to collect customers' biometric data for commercial purposes. Key examples of biometric data are iris scans or heartbeat identifier data. Similarly, House Bill 1717 requires state agencies to obtain constituent consent before collecting biometric data. The new rule applies to data like iris scans, facial geometry, fingerprints and DNA, though law enforcement agencies are exempt from the collection of fingerprints and DNA and are subject to other guidelines.

Eyragon Eidam is the Web editor for Government Technology magazine, after previously serving as assistant news editor and covering such topics as legislation, social media and public safety. He can be reached at