File #: Int 2193-2020    Version: * Name: Assessment of the feasibility of storing city agencies’ electronic data on cloud computing systems.
Type: Introduction Status: Filed (End of Session)
Committee: Committee on Technology
On agenda: 12/17/2020
Enactment date: Law number:
Title: A Local Law in relation to an assessment of the feasibility of storing city agencies' electronic data on cloud computing systems
Sponsors: Paul A. Vallone
Council Member Sponsors: 1
Summary: The proposed legislation would require the Department of Information Technology and Telecommunications to conduct an assessment of the feasibility of transferring city agencies’ electronic data to the cloud computing systems. The Department would also be required to submit a report of the results of the assessment to the Council.
Indexes: Report Required
Attachments: 1. Summary of Int. No. 2193, 2. Int. No. 2193, 3. Committee Report 12/15/20, 4. Hearing Testimony 12/15/20, 5. Hearing Transcript 12/15/20, 6. December 17, 2020 - Stated Meeting Agenda with Links to Files, 7. Hearing Transcript - Stated Meeting 12-17-20, 8. Minutes of the Stated Meeting - December 17, 2020
Date Ver.Prime SponsorAction ByActionResultAction DetailsMeeting DetailsMultimedia
12/31/2021*Paul A. Vallone City Council Filed (End of Session)  Action details Meeting details Not available
12/17/2020*Paul A. Vallone City Council Referred to Comm by Council  Action details Meeting details Not available
12/17/2020*Paul A. Vallone City Council Introduced by Council  Action details Meeting details Not available
12/15/2020*Paul A. Vallone Committee on Technology Hearing on P-C Item by Comm  Action details Meeting details Not available
12/15/2020*Paul A. Vallone Committee on Technology P-C Item Laid Over by Comm  Action details Meeting details Not available

Int. No. 2193

 

By Council Member Vallone

 

A Local Law in relation to an assessment of the feasibility of storing city agencies’ electronic data on cloud computing systems

 

Be it enacted by the Council as follows:

 

                     Section 1. Assessment of the feasibility of storing city agencies’ electronic data on cloud computing systems.

a. Definitions. For the purposes of this section, the term “department” means the department of information technology and telecommunications.

b. The department shall conduct an assessment to determine the feasibility of storing city agency electronic data at rest on cloud computing systems, rather than on physical data storage systems owned by the city.

c. No later than September 1, 2021, the department shall submit to the speaker of the council a report of the results of the assessment conducted pursuant to subdivision b of this section. Such report shall include, but not be limited to, the following:

1. an establishment of data classification categories for use with cloud computing services, including an inventory of the various data types;

2. an analysis of the feasibility and security of storing data from each data classification category on the cloud, including the legal implications, if any;

3. an analysis of the feasibility of transitioning legacy systems to utilize the cloud;

4. an analysis of any implications related to current software licenses;

5. an estimate of the costs, per unit of data, of storing, retrieving, and removing data from the average cloud computing system;

6. potential cost differentials, in both personal services and other than personal services costs, between physical data storage and cloud storage;

7. a brief analysis of the prospective cloud computing service providers, including a description of their physical principal places of business; and

8. recommendations on the requirements that a prospective cloud computing service provider should meet, such as on the physical data center location, the physical security of the data center, the deployment model of the cloud computing system, the disaster recovery strategy, the mechanics of reporting a security breach, the data duplication process utilized, the level of encryption utilized, the financial stability of the provider, the auto-deletion options, suggested auditing protocols, and any terms that a contract with a cloud computing service provider should include, such as an indemnification clause.

§ 2. This local law takes effect immediately.

 

 

IB

LS #13515; 15719

09/29/2020