At least 28 states have legislation pending that would require state vendors to use a software application that would track actual computer time by state vendors who bill for hours of work on computers. Monitoring by the software would include frequent screen shots and logging of key strokes, and the referred to technology is currently only being offered by one company.
An analysis by the Department of Finance and Administration in Arkansas finds that:
The provisions in this legislation create significant issues with privacy and federal regulatory compliance. It is not possible to take a screen shot every three minutes and not capture individual and personal data. Key logging software would record everything including passwords, healthcare, and other personal information with no mechanism for redaction before being recorded or stored by the tracking software.
The National Association of State Chief Information Officers has issued the following statement.
NASCIO, which represents state CIOs, opposes state legislation which would mandate contractor monitoring software because of the significant risks to citizen privacy and federal regulatory compliance concerns it could create. While NASCIO certainly supports contractor productivity, cost efficiency and successful project outcomes, legislation of this nature could introduce unnecessary risks to citizen data by essentially transferring ownership of private citizen data to a third party. This type of legislation also has the potential for unintended consequences, such as impacting a state’s cybersecurity insurance policy coverage. State CIOs inherently understand and appreciate the seriousness of protecting citizens’ data, and therefore do not support legislation that could serve to increase or introduce additional risk.
According to NASCIO, legislation has been introduced in the following states: Arizona, Arkansas, Colorado, Connecticut, Hawaii, Iowa, Idaho, Illinois, Indiana, Kansas, Louisiana, Maryland, Minnesota, Mississippi, Montana, Nebraska, New Jersey, New Mexico, Oklahoma, Oregon, Rhode Island, South Dakota, Tennessee, Texas, Virginia, Washington and West Virginia.
NASACT members should be aware that the software company seeking to have the legislation passed is billing it as an important fraud prevention and accountability tool. Your office may receive questions from your state legislators.
Questions should be directed to NASACT’s Washington Office at (202) 624-5451.