wa-law.org > bill > 2025-26 > SB 6164 > Original Bill
The legislature finds that Washington technology solutions (WaTech) exists to serve as a strategic, centralized information technology partner for state agencies, enabling better service delivery to Washingtonians, achieving cost savings through shared services, and ensuring uniform information technology standards across government. It provides these services to enhance transparency, efficiency, and the overall effectiveness of government operations through the appropriate use of technology.
[Empty]
Given that technological innovation and new uses of data can help Washingtonians solve societal problems and improve quality of life, the legislature intends to shape responsible public policies where innovation and protection of individual privacy coexist and provide for the confidentiality of identifying personal information.
The legislature further intends to strengthen and enhance the protection of the information submitted to Washington technology solutions to provide information technology services.
The definitions in this section apply throughout this chapter unless the context clearly requires otherwise.
"Agency" means Washington technology solutions.
"Board" means the technology services board.
"Cloud computing" has the same meaning as provided by the special publication 800-145 issued by the national institute of standards and technology of the United States department of commerce as of September 2011 or its successor publications.
"Customer agencies" means all entities that purchase or use information technology resources, telecommunications, or services from Washington technology solutions.
"Digital experience platform" includes the agency's online systems, applications, or websites through which people find, access, interact with, or manage government services.
"Director" means the state chief information officer, who is the director of Washington technology solutions.
"Enterprise architecture" means an ongoing activity for translating business vision and strategy into effective enterprise change. It is a continuous activity. Enterprise architecture creates, communicates, and improves the key principles and models that describe the enterprise's future state and enable its evolution.
"Equipment" means the machines, devices, and transmission facilities used in information processing, including but not limited to computers, terminals, telephones, wireless communications system facilities, cables, and any physical facility necessary for the operation of such equipment.
"Information" includes, but is not limited to, data, text, voice, and video.
"Information security" means the protection of communication and information resources from unauthorized access, use, disclosure, disruption, modification, or destruction in order to:
Prevent improper information modification or destruction;
Preserve authorized restrictions on information access and disclosure;
Ensure timely and reliable access to and use of information; and
Maintain the confidentiality, integrity, and availability of information.
"Information technology" includes, but is not limited to, all electronic technology systems and services, automated information handling, system design and analysis, conversion of data, computer programming, information storage and retrieval, telecommunications, requisite system controls, simulation, electronic commerce, radio technologies, and all related interactions between people and machines.
"Information technology portfolio" or "portfolio" means a strategic management process documenting relationships between agency missions and information technology and telecommunications investments.
"K‑20 network" means the network established in RCW 43.41.391.
"Local governments" includes all municipal and quasi-municipal corporations and political subdivisions, and all agencies of such corporations and subdivisions authorized to contract separately.
"Oversight" means a process of comprehensive risk analysis and management designed to ensure optimum use of information technology resources and telecommunications.
"Proprietary software" means that software offered for sale or license.
"Public agency" means any agency of this state or another state; any political subdivision or unit of local government of this state or another state including, but not limited to, municipal corporations, quasi-municipal corporations, special purpose districts, and local service districts; any public benefit nonprofit corporation; any agency of the United States; and any Indian tribe recognized as such by the federal government.
"Public benefit nonprofit corporation" means a public benefit nonprofit corporation as defined in RCW 24.03A.245 that is receiving local, state, or federal funds either directly or through a public agency other than an Indian tribe or political subdivision of another state.
"Public record" has the definitions in RCW 42.56.010 and chapter 40.14 RCW and includes legislative records and court records that are available for public inspection.
"Public safety" refers to any entity or services that ensure the welfare and protection of the public.
"Ransomware" means a type of malware that attempts to deny a user or organization access to data or systems, usually through encryption, until a sum of money or other currency is paid or the user or organization is forced to take a specific action.
"Security incident" means an accidental or deliberative event that results in or constitutes an imminent threat of the unauthorized access, loss, disclosure, modification, disruption, or destruction of communication and information resources.
"State agency" means every state office, department, division, bureau, board, commission, or other state agency, including offices headed by a statewide elected official.
"Telecommunications" includes, but is not limited to, wireless or wired systems for transport of voice, video, and data communications, network systems, requisite facilities, equipment, system controls, simulation, electronic commerce, and all related interactions between people and machines.
"Utility-based infrastructure services" includes personal computer and portable device support, servers and server administration, security administration, network administration, telephony, email, and other information technology services commonly used by state agencies.
State agencies and local governments that collect and enter information concerning individuals into electronic records and information systems that will be widely accessible by the public under RCW 42.56.010 shall ensure the accuracy of this information to the extent possible. To the extent possible, information must be collected directly from, and with the consent of, the individual who is the subject of the data. State agencies shall establish procedures for correcting inaccurate information, including establishing mechanisms for individuals to review information about themselves and recommend changes in information they believe to be inaccurate. The inclusion of personal information in electronic public records that is widely available to the public should include information on the date when the database was created or most recently updated. If personally identifiable information is included in electronic public records that are made widely available to the public, state agencies must follow retention and archival schedules in accordance with chapter 40.14 RCW, retaining personally identifiable information only as long as needed to carry out the purpose for which it was collected. At least once every five years, each agency that collects information must review the information collected and justify why it is being collected and for what purpose.
Information submitted to the agency for the purpose of providing information technology related to digital experience platform services is exempt from public disclosure and copying under chapter 42.56 RCW.
The following personal information is exempt from public inspection and copying under this chapter: