This report is the result of a survey of 20 state chief privacy officers in the spring of 2022 and is an update to the previous survey in 2019. The report covers how the role is structured, the background of state CPOs, challenges, resources needed and more. We also offer recommendations for states looking to create or build on the CPO role.
The sixth biennial Deloitte-NASCIO Cybersecurity Study reflects insights from all 50 states and 1 territory on the CISO’s role and budget, governance, reporting, workforce and operations. The CISOs filled out this year’s survey in May/June 2020—an unprecedented time as the world adjusted to the impact of the COVID-19 pandemic. State governments responded by moving their enterprise operations, services and employees to a virtual environment, and the study captures COVID-19’s impact on state cyber posture to the extent visible during the early response to the pandemic.
2020 is a year that has undoubtedly been defined by the COVID-19 pandemic. In this eleventh annual state chief information officer (CIO) survey, we received the perspective of 47 state and territory CIOs on the extraordinary and unprecedented challenges they faced this year. In addition to directly addressing the issues and lessons learned by CIOs in responding to the pandemic, we also received updates from CIOs on many of the traditional topics covered by the survey, including CIO organization business models, digital government, adoption of cloud and emerging technologies and state and local collaboration. As might be expected, there was not a single topic area where the pandemic did not impact state CIO experiences in some way. The continuing work to address the immediate challenges of COVID-19 and to prepare for the long-term impacts to state and citizen work and personal lives is reflected throughout this year’s survey.
Annual Conference interview on pressing privacy issues with Ted Cotterill, Chief Privacy Officer, Indiana.
Compared to a private company or even any other level of government, the need to focus on privacy at the state level is significant. The amount of personal information citizens provide to their state outweighs anything a citizen provides to any one company. Because of this, we have seen number of states who have hired a chief privacy officer increase rapidly over the last several years. This NASCIO research provides a snapshot of the state chief privacy officer position, the background of CPOs, what they do in their roles, how the role is administratively structured and their advice for states interested in creating the position.
This webinar covered the findings of the 2018 Cost of a Data Breach study and how states are preparing for and responding to data breaches.
The brief, a joint project between NASCIO’s Cybersecurity Committee and Data Protection Working Group, explains why a risk based cybersecurity approach is the most beneficial to state government data. When states take a risk based approach they improve operational efficiency, assessments are more accurate, attack surfaces are reduced and decision making is improved. As the brief states, taking an enterprise mentality brings together previously silo-based security and IT tools and allows for ongoing and continuous data monitoring and assessing.
Government is using more data than ever in rendering services to citizens, yet government has few tools to enforce privacy rules or considerations and can’t simply hire enough to meet the demand for expertise. After consulting with academic and legal experts form the privacy community in Seattle, the state’s Chief Privacy Officer, Alex Alben, retained a software firm to create a web application which returns relevant search requests based on the intended use of personal information in a product or service.
NASCIO, Grant Thornton LLP and CompTIA have collaborated for a seventh consecutive year to survey state government IT leaders on current issues, trends and perspectives. New service delivery models, innovative technology solutions, and rising customer expectations all require state CIOs to adapt continually to changing circumstances. We asked state CIOs to share their perspective on a number of topics, with a particular focus on the continued evolution of the CIO as a broker of shared services, on the IT workforce challenges facing CIOs, and on the use of data management and analytics at an enterprise level. These topics all involve CIOs looking into the future and adapting their strategies and plans to address a state IT and business environment that is becoming ever more complex. Cybersecurity, cloud solutions, mobility, procurement, cross-jurisdictional collaboration and privacy represent other high priority topics covered in the survey.
States are finding that the “Internet of Things” (IoT) can improve efficiency, reduce waste and connect citizens to state services in faster and more affordable ways. But with that value comes vulnerability. States must consider security, privacy, accessibility and standardization when crafting a roadmap for IoT. This policy brief describes ways that states are currently implementing IoT, possibilities for the coming years, and recommendations on avoiding difficulties along the way.