How State CDOs Can Find a Balance Between Data Sharing and Data Privacy

How State CDOs Can Find a Balance Between Data Sharing and Data Privacy

Seven in 10 Americans are concerned about how governments use the data it collects about them, according to a recent Pew Research Center survey. While this concern about data privacy is representative of a downward trend of trust in government, it also creates an opportunity to address it. By prioritizing the protection of constituents’ privacy and showcasing how data enhances public services, governments have an excellent opportunity to strengthen trust and foster a positive relationship with the public.   

State chief data officers are in a prime position to make an impact.   

These data leaders are a relatively new addition to government C-suites. In 2018, only 18 states counted a CDO among its leaders. In 2023, the number jumped to 31. Across the country, CDOs were initially responsible for establishing enterprise-wide data strategies and governance policies and improving data use.  

However, many CDOs find their role evolving from a back-office tech position to an essential mission partner. As they build data-driven organizations, they’re at the center of crucial policy decisions for data-sharing rules, artificial intelligence programs, and privacy requirements.  

Residents rightfully expect that agencies will respect their privacy and protect their personally identifiable information (PII). Lapses can have severe consequences for individuals, such as identity theft or other financial losses. Organizations face potential reputational damage. For agencies, that can mean losing the already declining trust of the public.  

State CDOs can help governments strike the right balance by designing meaningful data-sharing programs that safeguard residents’ personal information. Building privacy into data governance can do more to protect resident data than relying on cybersecurity protocols alone.  

Blog Images (1)

Look at the Big Picture Without Individual Details

State and local governments collect tremendous data about their residents, including demographics, vital statistics, education levels, employment status, and more. Analyzing the data in aggregate allows officials to spot trends and triggers that can help refine programs to benefit individuals. However, they can apply data analytics without seeing the PII of the people within datasets.   

Privacy has become a bigger worry for many constituents. According to a Publishers Clearing House Consumer Insights study of more than 45,000 adults, 86% of Americans are more concerned about data privacy and security than the economy. Almost half view data protection as the government’s responsibility.  

One strategy to work with many datasets without putting PII at risk is categorizing data attributes. By creating different buckets of data, officials can converge datasets but keep data streams that identify individuals separate.   

One set of data attributes may refer to an individual’s identifying features, such as name, date of birth, Social Security number, or driver’s license number. Other data attributes could be the government services they participate in, such as whether they receive benefits from Medicaid, food assistance programs, or unemployment. Yet another set could be trends affecting an individual, like rising unemployment or high inflation rates.  

State CDOs can keep categories of data attributes separate by creating a universal entity index. The universal entity index acts as a crosswalk table linking residents across programs, benefits, or systems without relying on names, SSNs, or other information that reveals their identity.  

This strategy allows analysts to see whether the same individual appears in multiple datasets without seeing anything that identifies who they are. For example, if officials find many unemployment recipients are eligible for other assistance but have yet to enroll, they could launch new enrollment or outreach initiatives. Robust data privacy protocols do not prevent officials from using datasets. Instead, they enable analysis and program improvements while respecting confidentiality. 

Share with Trustworth Partners

A principal responsibility of state CDOs is finding siloed data and turning it into a valuable tool for agencies. Creating a data trust is another successful strategy for enabling data-sharing platforms that respect residents’ privacy concerns.  

A data trust is a legal framework that defines the roles and responsibilities of the participants in a data-sharing relationship. A governance board establishes the rules, carefully vets members, and oversees data sharing to ensure that all participants remain in compliance. Each member certifies that they understand their duties, regardless of whether an organization provides data or consumes it.   

The Commonwealth of Virginia used a data trust to create an interagency data-sharing platform to tackle opioid use in the state. Framework for Addiction Analysis & Community Transformation (FAACT) lets law enforcement and healthcare organizations converge datasets—such as police incident reports, EMS dispatches, and hospital admissions—to respond to spikes in usage and evaluate how effective agency programs are. FAACT members see only the universal entity index, allowing them to see opioid user demographics without revealing individual identities. Even the team that manages the universal entity index follows strict access management protocols and cybersecurity controls that allow activity to be audited.   

By building data privacy into data governance, state CDOs can continue to use analytics to improve operations and services for residents while effectively protecting their privacy and honoring confidentiality. 

-Voyatek Leadership Team