Joint Technology Committee votes to draft bill clarifying oversight of Office of Information Technology

The Joint Technology Committee voted 3–2 to authorize drafting a bill “concerning the Office of Information Technology” after members discussed shortcomings identified in an OIT audit and debated how narrowly to write statutory fixes.

The move, approved by the Chair, Representative Haskell and Vice Chair Tatone with Senator Bazely and Representative Kelty opposed, directs legislative drafters to prepare language the committee will review before filing.

The committee’s chair said the proposal grew from yesterday’s audit and was intended to capture "low-hanging fruit" that would not expand OIT’s authority or create new programs but would codify existing responsibilities. "There are some things that came out of the audit that I think are what I would say low hanging fruit," the chair said, adding she had shared five suggested clarifications with the department.

Legislative staff explained the committee can vote to open drafting broadly and then work with bill drafters on specific language. Samantha Focal of legislative council staff told the panel: "The committee would make a motion to draft a bill," and that the wording can be refined before introduction.

Members described several specific items the draft should address: explicitly codifying the duties of the chief information security officer (CISO), requiring privileged‑access deactivation when appropriate, establishing standard operating procedures for deprovisioning accounts when staff leave, and requiring annual appearances before the legislative audit committee to improve accountability.

A committee member pressing for stronger enforcement said the legislature currently lacks effective tools to compel information from the executive branch and suggested studying other states’ approaches. "If there's no willingness to actually answer our questions under law and we have no way of compelling it, then we're gonna keep running around in circles," the member said, citing National Conference of State Legislatures material and California as an example of a jurisdiction with stronger subpoena‑enforcement penalties.

Senator Bazely raised a separate concern about shifting the Joint Technology Committee’s role from an advisory body toward a more direct oversight authority, saying the change raises statutory and historical questions about the committee’s mission. "What I believe we're doing is evolving the role of the Joint Technology Committee from being an advisory committee to having more direct oversight authority over the agencies," Bazely said.

Caroline Martin of the Office of Legislative Legal Services advised that a broadly worded motion "concerning the Office of Information Technology" would likely cover the issues members discussed. Martin asked the committee to provide contact people so drafters could follow up; she said once a draft is prepared it will return to the committee to vote on where the bill starts and who the sponsors will be.

The final roll-call vote recorded three aye votes and two no votes, with one member excused. The committee passed the motion to begin drafting by a 3–2 margin and then adjourned. The committee’s legislative staff will coordinate with members to identify contacts and the initial drafting language.