As privacy, data protection, and data governance continue to be key topics of boardroom conversation across the globe, many states have introduced, or passed, legislation to protect their citizens and state agencies from the loss of sensitive or personal data. In Texas, Senate Bill (SB) 475, passed in 2021, requires Texas state agencies and institutions of higher education to implement sound data management, security, and data governance processes throughout their departments. Governor Greg Abbott signed Senate Bill 475 into law and the Department of Information Resources (DIR) was tasked with heading this effort to ensure all departments comply.
While SB 475 addresses many new requirements around networks and security, it also requires that all state agencies and institutions with greater than 150 employees appoint a data management officer (DMO). This DMO can be an existing full-time employee or a new hire, although the law does not provide additional funding for the new position. It is the expectation of DIR that this individual has the competency, capability, and authority to guide and direct the agency toward a more mature data governance program. SB 475 Sec. 2054.137 outlines several duties of the DMO, including:
This requirement of a data maturity assessment is continued in Sec. 2054.515 of SB 475:
For many state agencies and institutions, the concept of data governance may be new, and perhaps a bit abstract. Additionally, many agencies and institutions employ a federated model for data management that can make data governance a challenge. In higher education, for example, central campus administration typically has very little insight into research data being held at the college of business, making it difficult to understand the institution’s complete data footprint. In the near term, DIR has adopted the posture that incremental growth is acceptable since there is a reduced window for conducting the first assessment, which is due to the DIR on November 15, 2022.
Data governance is not a new concept, and there are many frameworks and tools available that can help your department assess and remediate gaps in your program. P&N Data Governance and Privacy professionals take a risk-based approach to this assessment to understand your areas of least capability with the highest potential risk for loss, miscategorization, duplication, or data corruption. Most data governance frameworks have a dozen or more domains, so just getting started can be a daunting task.
P&N has helped large Texas state institutions assess their current data governance and data management posture against best practice frameworks. We work closely with internal audit, compliance teams, data management officers, and institution leadership to identify key risk areas and provide a road map to a more mature data governance program. Our assessment methodology leans heavily on the standards leveraged by TAC-202. We can help you grow in incremental compliance with SB 475, better understand your data footprint, and reduce duplication of activities across your agency or institution. Contact us for help assessing how SB 475 may impact your organization, and for support throughout the compliance process.