States push feds to 'harmonize' cybersecurity regulations in 2018
January 19, 2018
New advocacy priorities released by the National Association of State Chief Information Officers shows a continued push for simplified regulations.
NASCIO has launched the first in a series of reports to show states how to craft high value data-sharing agreements.
Jason Shueh is a tech editor at StateScoop with a specialty for civic tech and smart city news. His articles and writing have covered numerous subj...
To get better data in the hands of decision-makers, the National Association of State Chief Information Officers has published a new report that offers CIOs a few guidelines on data-sharing agreements between agencies.
The NASCIO report, released today, is the first in a series, and is designed to cultivate internal and state-to-state data sharing that improves services, detects fraud and waste, and embeds an evidence-based approach to the decision-making process. The other aim is to ensure data sharing generates value and doesn't create unintended problems in areas such as privacy.
Ohio CIO Stu Davis, who serves as co-chairman of the NASCIO Data Management Working Group, said that because of the sensitive nature of state data — some may contain non-public data sets — the right terms of agreement are often critical to protect both states and their residents.
"Terms should be clearly specified and must align with an established set of principles that guide information sharing," Davis said in a release. "The intent is rather simple — let's make sure decision makers have the information they need to reach the outcomes for our citizens that we're trying to achieve."
Among the report's 11 recommendations, NASCIO advised states to "establish a discipline" for drafting data sharing agreements to ensure the agreements are aligned with a state's data management policies. Another suggestion was for states to create agreement templates based on policies and to periodically review their agreements to check that they remain relevant with compliance issues, changing needs and security and privacy regulations.
Indiana provided one of the use cases cited in the 23-page report. To qualify for federal disaster mitigation funding through the Federal Emergency Management Agency (FEMA), the state had to have emergency management plans that included a quantified risk analysis of its lands and resources. Indiana collaborated with its 92 counties to create an agreement for sharing state parcel and address data. The geospatial data agreement served as a backbone for the the risk analysis and eventually qualified the state for federal mitigation funding.
Indiana CIO Dewand Neely, the other co-chairman of the NASCIO working group, said the initiative is one of many that has helped the state. They need to be regularly monitored and updated to drive value, he said.
"We have hundreds of data sharing agreements that must be managed proactively." Neely said. "We need to provide for periodic review to determine if an agreement should be terminated, or revised based on business needs."