Enhancing citizen trust privacy and data security is step one

GROWTH IN DIGITAL CITIZEN INFORMATION

Citizens are demanding state and local governments and educational institutions to secure their most valuable personally identifiable information (PII). These organizations store data about constituents, including SocialSecurity numbers (SSNs), driver’s licenses, tax returns, health and school records, voter registration databases and more.

As agencies and educational institutions continue to offer new and valuable digital services to citizens, the vast amount of data collected and stored increases exponentially. Protecting this information has become a toppriority for government and educational CIOs.

In the 2022 Public Sector Identity Index, conducted by AuthO and Market Connections, the vast majority of government entities surveyed indicated that they are considering expansion of their digital services in the next two years. With these expanded service offerings, organizations expect rapid growth in constituent data they will be held accountable for. As a result, these same government entities consider protecting citizen’s privacy and data one of their most critically important priorities.

A 2021 Deloitte survey of improving trust in state and local government revealed that individuals who are pleased with a state government’s digital services tend to rate the state highly in measures of overall trust. Citizens had a very positive view of state agencies when they felt that digital services were easy to use, web-based services helped them accomplish their needs, and the government safeguarded their data securely. At the same time, when citizens found digital services difficult to use or inadequate, their trust of the state government agency was significantly lower. These results suggest a reasonable correlation between citizens’ digital experiences and their general confidence in the government.

DATA PROTECTION PRIORITIZATION

As expectations and demand for digital services increases, so does the need to protect privacy to ensure citizen information is secure. Government agencies and educational institutions must follow the highest standard of privacy due to the amount of sensitive information that is collected. Besides the associated costs of a data breach, government entities run the risk of fines associated with non-compliance, potential lawsuits and most importantly the loss of citizen’s trust.

State and local governments, as well as education institutions, are gatekeepers for critical records – voter, tax, school, financial and more. Because of the enormity of the information contained within these organizations, it is not a surprise they have become a focal point of attack and a security risk for constituents.

GOVERNMENT REGULATIONS

Privacy laws and directives enacted by state and local governments provide guidance on protecting citizens’ data. Many of these laws have been enacted in just the past several years, as cybersecurity threats and attacks against the government have increased¹.

In the education sector, the Family Educational Rights and Privacy Act (FERPA), a federal law that protects the privacy of student education records, applies to all colleges and universities that receive funds under an applicable program of the U.S. Department of Education. It’s essentially the education market’s version of the Health Insurance Portability and Accountability Act (HIPAA) – another legislative measure aimed at protecting privacy.

Adhering to privacy laws and regulations adds a layer of complexity to the information management function, providing significant challenges for government and educational institutions.

As cybersecurity threats and attacks against the government have increased¹:

AT LEAST 32 - of these states require by law that their agencies have measures implemented to ensure the protection of their systems and stored data¹.

AT LEAST 35 - have enacted laws that require private and governmental entities to destroy, dispose, or make personal information unreadable or indecipherable.

PROTECTING CITIZENS’ PRIVACY

As the expansion of customer data continues to grow, this presents an attractive opportunity for cyber criminals seeking to steal and sell data for profit as well as use illegally acquired data to breach sensitive networks, disrupt critical infrastructure, or deploy denial-of-service attacks.

Protecting PII and maintaining citizens’ trust has never been more critical for government and educational institutions. Since PII can be stored anywhere, on unused servers and mobile devices, in file cabinets, or even in the backseat of a car of a remote employee, it requires a significant focus by these organizations to attempt to mitigate lost or stolen data. State and local agencies and educational institutions are facing a barrage of attack vectors — from network intrusions to lost or stolen records or devices to simple errors made by employees — with the real possibility of exposing constituents’ personal data.

¹ National Conference of State Legislatures link

Download the whitepaper to learn more or talk to a representative of Iron Mountain Government Solutions at sled@ironmountain.com.