Estimated read time: 5-6 minutes
This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
SALT LAKE CITY — During the interim, lawmakers attempted to tackle liquor license and education budget issues, as well as Common Core standards and the many mistakes that led to the massive data breach at the Department of Health.
Questions raised by critics of the Common Core State Standards were dealt with swiftly during Wednesday's meeting of the Interim Education Committee, but opponents said the issue requires more discussion.
Committee staff were asked to give an overview of the standards to lawmakers, notably the timeline that led to Utah's adoption of the controversial education benchmarks and the legal obligations the program presents to the state.
The Common Core State Standards are a set of achievement benchmarks in mathematics and English language arts. They are voluntarily adopted, with the goal of improving college- and career-readiness among students as well as establishing a degree of educational consistency between states.
Angela Stallings, associate general counsel to the committee, said she had reviewed the agreements entered into by the State Office of Education and focused on four questions. To the first two - Can Utah withdraw from the Common Core and can Utah withdraw from the Smarter Balanced Assessment Consortium (SBAC)? - she answered yes.
To the second two - Will Utah be required to use SBAC tests and will Utah be required to disclose personal information of students? - she answered no.
Trying to get more liquor licenses
The chairman of the Legislature's Business and Labor Interim Committee said Wednesday he's working on a way to increase the number of restaurant liquor licenses available in the state. But he wants to do it without increasing the negative impacts of alcohol.
Sen. John Valentine, R-Orem, declined to be specific about what changes he'll propose at next month's meeting to alter the population-based quota system used to set limits on the number of liquor licenses.
"There are all kinds of possibilities. We haven't decided yet," Valentine said after the committee meeting, which included testimony that a major restaurant chain would open 12 steakhouses across the state if licenses were available.
The committee also heard that only one full-service restaurant license is currently available and that last month, the state Department of Alcoholic Beverage Control Commission turned away 15 applicants seeking to put beer, wine and liquor on their menus.
"There are not enough licenses for restaurants, an area where there is significant demand," Valentine said, adding he believes he can balance public safety concerns with the economic development benefits that more licenses will bring.
Filling the $25 million education budget error
State Superintendent of Public Instruction Larry Shumway tried to explain Wednesday what caused a $25 million accounting error in the state education budget and how similar problems will be avoided in the future.
"We apologize," Shumway told the Education Interim Committee, speaking on behalf of the State Office of Education. "We're sorry it happened."
Shumway said the error was the result of a mathematical formula in an Excel spreadsheet referencing the wrong cell to calculate the state's weighted pupil units. That inaccurate figure was then used for a per-pupil funding estimate that resulted in public education being underfunded by the Utah Legislature.
Jonathan Ball, director of the Office of the Legislative Fiscal Analyst, said his office works cooperatively with the State Office of Education in determining the amount of funding necessary for student growth, but added that an oversight failure exists in the calculation of the weighted pupil unit. He suggested that a long term solution to avoid similar errors would be for his office to make its own weighted pupil estimate to compare to the office of education — a practice his office has already begun.
Multiple 'mistakes' led to massive health data breach
New details of what went wrong in a costly health information data breach emerged Wednesday, and for the first time, the man fired over the matter spoke up about the increasing difficulty of his former job.
"There has been a huge increase in the number of attacks against state systems — about a 600 percent increase in the last four months — and it is always a difficult challenge to make sure that you have adequate resources there to make sure the attacks are turned away," said Stephen Fletcher, who was director of the state's Department of Technology Services until he was asked to resign on Tuesday.
Fletcher said he agreed with the governor's decision and takes full responsibility for the security breach, as it "took place under my watch."
Mark VanOrden, who was appointed to take over the department, told lawmakers in the Public Utilities and Technology interim committee meeting Wednesday that more than one human error is to blame for the health information of nearly 800,000 Utahns falling into untrusted hands.
"Two, three or four mistakes were made," VanOrden said, adding that it is hard to expect employees to memorize at least 100 pages of policy. "Ninety-nine percent of the state's data is behind two firewalls, this information was not. It was not encrypted and it did not have hardened passwords."
Utah's Medicaid Management Information System, which receives eligibility inquiries and billing information from providers, was not protected by a firewall as it was upgrading on March 10, when hackers in Eastern Europe first gained access to the state server.
That server was also installed by an independent contractor more than a year ago, which is not typical protocol for the department, VanOrden said. A process to ensure that new servers are monitored and a risk assessment performed prior to use was not followed, and factory-issued default passwords were still in effect on the server, which is also not "routine."
The final "mistake," he said, is that information stayed on the server for too long and while it was there, it was not encrypted, leaving it vulnerable to hackers who began downloading the sensitive information March 30.
Contributing: Benjamin Wood, Lisa Riley Roche, Wendy Leonard
