In recent years, state legislators have intensified their focus on data privacy legislation aimed at creating safer and more secure online experiences. But what impact might these efforts have on the public sector and how can government agencies best prepare?
Paul Hopingardner, CIO of Travis County, Texas, and Bryan Langley, senior fellow at the Center of Digital Government* and former senior vice president of defense development at Indiana Economic Development Corp., answered these questions last week during a webinar organized by Government technology.
Generally, legislation in this space aims to protect sensitive information about individuals, including employees or voters, explained event host Deb Snyder, a senior fellow at the Center of Digital Government and former CISO of New York State.
One of the most important things to understand, Hopingardner explained, is that the size of government can have a significant impact on how it views and responds to an issue like data privacy.
For example, large organizations tend to recognize risk management, confidentiality and other similar concepts, he said. However, small organizations sometimes struggle to apply these concepts, especially in states where there may not be laws regarding them.
Langley agreed, adding: “I think a lot of it is about managing risk, especially in vendor relationships and vendor management, to make sure where your data is going and who it really is. responsible.”
“It also involves being informed about what you have, where you have it and where it is going,” Langley said. “With that in mind, recognizing that there is a patchwork of guidelines for states, counties and cities, it can be difficult to determine what is the only thing we should be thinking about, and I think that is inherently the how to manage your risks.”
Regarding privacy, Snyder asked attendees to share their general views on the topic regarding state government organizations and how they manage associated risks.
For Hopingardner, the answer was twofold. “As I look at the patchwork of laws across the United States, I would like to see more federal legislation because that would give us the groundwork.” However, he added, privacy sometimes seems disconnected, leading to a management mentality as you go.
“We add a privacy officer under the same umbrella as risk, and then the same group is with the chief information security officer,” Hopingardner explained. “My goal is to try to keep them very closely aligned with each other in these conversations and hopefully provide us with a better way to navigate this.”
Langley, meanwhile, reiterated the importance of knowing how data is used and shared.
“When you show up for work, you imagine having some sort of tax custody of your assets when you log on,” Langley said. “But when you start using multiple technologies, you don’t know who’s getting that information, who’s the provider, or where your data is going.”
Langley added that having some level of opt-in consent or data minimization is helpful when working through various channels and technologies.
According to Langley, states should consider two areas when it comes to data privacy. The first relates to data control measures and the second to external influences.
“I think a lot of that will come down to data controls and the influence of individuals trying to work with the state legislature to see where we’re going with data privacy,” he said. declared. “There will just be a lot of external influence on states and legislatures from different sectors, but I believe that the states and the federal government are creating more of an overall structure to address these issues.”
Hopingardner, on the other hand, highlighted the need for comprehensive data governance.
“What you need to recognize and understand is where your data is, who controls it, and that sort of thing,” Hopingardner said. “If organizations don’t fully understand their current processes or how their data is managed and stored, it could be difficult to implement data loss prevention.”
Challenges associated with identity, privacy and other technologies were also discussed during the webinar.
“The most important thing is your consent, governance and data minimization,” Langley said. “What do we need to flesh out specifically for a business or government, especially if you’re working with a vendor?” What will they do with the information you provide? »
“I’m also thinking of technologies like facial recognition from a homeland security perspective; you have multiple groups that exchange information. But where does it go? How is it used?” he added.
Another area to consider is stronger assessment and identification analyses. Ultimately, it’s about making sure information is available, while being transparent and communicative about ongoing issues and how to resolve them, Langley said.
“I think a lot of it is more robust identity assessment, and I think a lot of it is analytics,” Langley said. “It’s also about making sure you’re getting information to the right people at the right time so they understand what kind of government structure might be in place and what kind of standardization needs to be implemented.
*The Center for Digital Government is part of e.Republic, Government technology head quarter.