Data Security Management Council

The Council consisted of the chief information officer, or the chief information officer's designee; one individual appointed by the governor; one individual appointed by the speaker of the House of Representatives and the president of the Senate from the Legislative Information Technology Steering Committee; and the highest ranking information technology official, or the highest ranking information technology official's designee, from each of: the Judicial Council; the State Board of Regents; the State Board of Education; the Utah System of Technical Colleges Board of Trustees; the State Tax Commission; and the Office of the Attorney General. Its purpose was to review existing state government data security policies; assess ongoing risks to state government information technology; create a method to notify state and local government entities of new risks; coordinate data breach simulation exercises with state and local government entities; and develop data security best practice recommendations for state government. In 2022, the law creating the Council was repealed, in favor of a new Cybersecurity Commission.