Efforts to reform state government by creating a Department of Administration may get a much-needed boost from the Department of Revenue computer hacking.
At least two groups of lawmakers are working on Department of Administration bills to streamline state government and make it more efficient by creating a new department under the direct control of the governor.
Both bills are expected to include provisions to increase oversight over state agencies’ computer systems to ensure private information is kept out of the wrong hands.
However, some legislators are expressing concern about placing more of state government under the direct control of Gov. Nikki Haley, noting the Department of Revenue and other state agencies that recently have fouled up already are under her direct control.
State officials said Oct. 26 that 3.6 million personal income tax returns filed since 1998 were compromised by an international computer hacker. Haley later said up to 657,000 business filings also were exposed. Subsequently, state officials said another 200,000 individual tax returns also had been compromised.
Experts say it may be the largest cyber-attack against a state tax department in the nation’s history.
“We tend to do restructuring in South Carolina only after there’s a crisis or some kind of scandal, which makes sense to some degree, but it’s reactionary instead of proactive. That is unfortunate,” said state Sen. Shane Massey, R-Edgefield, who is working on a Department of Administration bill with state Sen. Vincent Sheheen, D-Kershaw. “But the situation with the Department of Revenue may be just the incentive we need to do more oversight.”
Massey and Sheheen’s bill is likely to include yet-to-be-determined ways to streamline the computer systems used by state agencies and ensure common security standards.
It also will include the creation of a position of a chief information officer for the state. That person would set security protocols for the state agencies, such as encrypting information and limiting access to certain information, and report directly to the governor.
“It doesn’t make sense that each agency operates its own computer system,” Massey said. “The Department of Revenue certainly needs a secure system but so does the Department of Motor Vehicles, the Department of Transportation, the Department of Health and Human Services. This may be a chance to do something strong and better for all of state government.”
Currently, no central oversight authority exists that dictates computer system requirements for state agencies, said Lindsey Kremlick, spokeswoman for the Budget and Control Board. In most cases, agencies independently manage their own information technology, including data, applications, security and infrastructure. Each agency determines the type of information technology it utilizes based on its own business needs.
Sheheen, who has been working to pass a Department of Administration bill for several years, said the hacking is hurting his efforts to convince fellow lawmakers to vote for a new Department of Administration.
That is because the new department would be under direct control of the governor, just as the Department of Revenue was when it was hacked.
Other Cabinet agencies, also under the direct control of Haley, also have had problems, including:
• A state employee inappropriately gained access to personal information for more than 228,000 Medicaid beneficiaries at the Department of Health and Human Services earlier this year.
• The Department of Employment and Workforce goofed and improperly doled out $86.2 million in unemployment payments last fiscal year, representing nearly 18 percent of all claims paid, it was revealed in January.
“This puts us at a disadvantage,” Sheheen said. “Some are asking me what’s the point of giving the governor the authority if you won’t have any more accountability?”
Sheheen said his response is that a creating a Department of Administration, particularly including the creation of a state chief information officer, increases security.
“It’s a good idea to have a CIO who could set protocol for all the agencies,” Sheheen said. “It would create better coordination and more likelihood that the agencies would be uniform.”
Last year, the Department of Administration, a key agenda item for Haley, failed to pass the Senate on the final day of the session because some senators did not want Haley to have the victory.
Haley still is determined to get the reform passed — but is more suspect than ever of some of the players, particularly Democrat Sheheen, who only narrowly lost the 2010 governor’s race to Haley.
“We appreciate Senator Massey, who fought tremendously hard for this bill last year,” said Rob Godfrey, Haley’s spokesman. “Surprising that Senator Sheheen has taken an interest, being that if he had voted for the bill last year, it would already be law and we wouldn’t have to talk about it this year.”
Godfrey added: “The Department of Administration bill that died on the floor of the Senate last year would have allowed us to take a strategic approach to IT security, so its passage sure would have been helpful.”
Also working on a Department of Administration bill is state Rep. Garry Smith, R-Greenville, who sponsored the bill that passed the House last year.
Smith said he hopes to draft a bill similar to the one that passed the House last year, including the creation of a state chief information officer.