Oregon has an ethical responsibility to safeguard the privacy of its citizens’ data
Is Your Private Information at Risk?
How many times have we heard about the state’s outdated technology? Unemployment benefits were held up for months and more recently we learned that the voting system is run on outdated systems. How does this affect the security of information? The growth in information technology has made it easier to collect personally identifiable information, which puts that information at increased risk of being compromised.
Privacy is such an important topic that some states have explicit privacy protections written into their constitutions. Oregon is not one of them. Reviewing 17 sectors shows the public sector takes the second longest to detect and contain a data breach. That longer response time results in increased exposure of compromised data.
According to an audit released by the Secretary of State
, Oregon lacks a senior official responsible for managing data privacy, which increases the risk that private, personally identifiable information is not appropriately safeguarded. The findings are outlined in the report entitled: “The State Does Not Have A Privacy Program to Manage Enterprise Privacy Risk.”
State agencies collect and store personally identifiable information from virtually all Oregonians. This data includes health information, driving records, education data, and more. However, auditors found there is no statewide official charged with assessing the risks associated with processing that information and ensuring appropriate response strategies are in place.
As a result, the state has not established a privacy program to assess and respond to risk. The state has also not established guidance on incident response roles when security incidents arise that involve personally identifiable information.
“Oregon has an ethical responsibility to safeguard the privacy of its citizens’ data,” said Secretary of State Bev Clarno. “It is important that a senior official is charged with ensuring risks to data privacy are understood and addressed throughout the state.” Indeed, Clarno's Elections Director left his job
just a few weeks ago, citing lack of spending on information technology infrastructure.
Even though a data privacy manager won’t cure the outdated technology issues, it could provide some transparency to the vulnerability of private information.
|Post Date: 2020-11-18 19:55:31|