CHAPTER 126-A DEPARTMENT OF HEALTH AND HUMAN SERVICES
Data Privacy and Information Technology Security Governance Board
Section 126-A:104
126-A:104 Duties. –
I. The data privacy and information technology security governance board shall:
(a) Meet at least 3 times a year and post public facing meeting minutes within 2 weeks of the completion of each meeting on the department's web page.
(b) Become educated in what data governance means, how it will work for the organization, and what it means to embrace data governance and activate enterprise data stewards.
(c) Actively promote improved data governance practices across the department.
(d) Identify and approve of pivotal data governance roles and responsibilities for the department including cross-enterprise domain stewards and coordinators.
(e) Advise, review, and approve the department's data control, governance, and privacy practices in compliance with federal and state law and federal and state information privacy and security policies, with the goal to meet or exceed private market benchmarks for governance, risk management, and compliance.
(f) Drive strategic and timely implementation of a department-wide privacy policy, related procedures and processes to operationalize policy-derived controls, and effective risk management methodologies, including industry standards such as privacy impact assessments and privacy by design.
II. The data privacy and information technology security governance board may solicit information from any person or entity the board deems relevant to its quest.