Maryland Governor Creates Privacy Officer Roles

Maryland Governor Larry Hogan took steps to improve his state’s data privacy practices last week.

In two executive orders, the governor established the roles of State Chief Data Officer (SCDO) and State Chief Privacy Officer (SCPO). Though the positions have not been filled yet, Maryland’s Chief Information Security Officer, Chip Stewart, told Government Technology that a nationwide search is underway, adding that citing a need to protect the increasing amount of data collected by governments–and the rising threats being levied against those data troves:

“Privacy, security and data governance go hand in hand. If you look at events across the nation over the past few years, a consistent theme in all of these breaches is that at least some component of all three of those roles could’ve helped prevent the breach.”

What do State Chief Data and Privacy Officers do exactly? Coordinate closely with the state’s CISO to carry out the objectives of Maryland’s “Data Strategic Plan.” But the SCPO and SCDO will not report to the CISO. Stewart told Government Technology that grouping data privacy under the umbrella of cybersecurity can create a scenario where data security is prioritized at the expense of usability.

For example, the SCDO will be tasked with leveraging public health data to develop safety initiatives like combatting the state’s opioid addiction and overdose crisis, while the SCPO will work to develop policies to keep that data private and protected.

In addition to the SCPO, each of Maryland’s government agencies will be required to appoint a privacy officer and a data officer which will report to the SCPO and SCDO respectively.

Maryland’s approach to coordinated but siloed data privacy and cybersecurity functions is a posture that private organizations may consider adopting. Read more about building your governance program here.