Maryland Statutes
Subtitle 3 - Information Processing and Security
Section 3A-303 - Duties of Secretary

(a)    The Secretary is responsible for carrying out the following duties:
        (1)    developing, maintaining, revising, and enforcing information technology policies, procedures, and standards;
        (2)    providing technical assistance, advice, and recommendations to the Governor and any unit of State government concerning information technology matters;
        (3)    reviewing the annual project plan for each unit of State government to make information and services available to the public over the Internet;
        (4)    developing and maintaining a statewide information technology master plan that will:
            (i)    be the basis for the management and direction of information technology within the Executive Branch of State government;
            (ii)    include all aspects of State information technology including telecommunications, security, data processing, and information management;
            (iii)    consider interstate transfers as a result of federal legislation and regulation;
            (iv)    work jointly with the Secretary of Budget and Management to ensure that information technology plans and budgets are consistent;
            (v)    ensure that State information technology plans, policies, and standards are consistent with State goals, objectives, and resources, and represent a long–range vision for using information technology to improve the overall effectiveness of State government; and
            (vi)    include standards to assure nonvisual access to the information and services made available to the public over the Internet;
        (5)    adopting by regulation and enforcing nonvisual access standards to be used in the procurement of information technology services by or on behalf of units of State government in accordance with subsection (b) of this section;
        (6)    in consultation with the Attorney General, advising and overseeing a consistent cybersecurity strategy for units of State government, including institutions under the control of the governing boards of the public institutions of higher education;
        (7)    advising and consulting with the Legislative and Judicial branches of State government regarding a cybersecurity strategy; and
        (8)    in consultation with the Attorney General, developing guidance on consistent cybersecurity strategies for counties, municipal corporations, school systems, and all other political subdivisions of the State.
    (b)    Nothing in subsection (a) of this section may be construed as establishing a mandate for any entity listed in subsection (a)(8) of this section.
    (c)    On or before January 1, 2020, the Secretary, or the Secretary’s designee, shall:
        (1)    adopt new nonvisual access procurement standards that:
            (i)    provide an individual with disabilities with nonvisual access in a way that is fully and equally accessible to and independently usable by the individual with disabilities so that the individual is able to acquire the same information, engage in the same interactions, and enjoy the same services as users without disabilities, with substantially equivalent ease of use; and
            (ii)    are consistent with the standards of § 508 of the federal Rehabilitation Act of 1973; and
        (2)    establish a process for the Secretary or the Secretary’s designee to:
            (i)    determine whether information technology meets the nonvisual access standards adopted under item (1) of this subsection; and
            (ii)    1.    for information technology procured by a State unit before January 1, 2020, and still used by the State unit on or after January 1, 2020, work with the vendor to modify the information technology to meet the nonvisual access standards, if practicable; or
                2.    for information technology procured by a State unit on or after January 1, 2020, enforce the nonvisual access clause developed under § 3A–311 of this subtitle, including the enforcement of the civil penalty described in § 3A–311(a)(2)(iii)1 of this subtitle.