Three Maryland IT officials now report to governor and CIO
Three Maryland technology officials — the state’s chief privacy officer, chief data officer and chief information security officer — now report both to Gov. Wes Moore and statewide Chief Information Officer Katie Savage, who’s also secretary of the Department of Information Technology.
Officials said the change, which happened July 1, will improve coordination ahead of new generative artificial intelligence projects.
The change in reporting structure follows the hire in May of Natalie Evans Harris as the Maryland’s first statewide chief data officer and a successful trial with the state CISO Gregory Rogers serving inside both the governor’s office and IT department simultaneously, a DoIT spokesperson told StateScoop. The spokesperson said the change is hoped to foster collaboration among the state’s senior technology officials.
Maryland Chief Privacy Officer Caterina Pangilinan said reporting to both the governor and state CIO will help her build out her office and how it communicates data-privacy best practices to other agencies.
Many state privacy officials have told StateScoop that data-privacy policies are crucial before adopting AI policies. Maryland is already making moves on AI — in January, Moore signed an AI executive order that set guardrails for the ethical integration of AI into state government work.
‘Align our resources’
Pangilinan said she oversees 29 agency privacy officers, with whom she meets monthly. The resources of DoIT and its Office of Security Management, she said, will help improve and streamline her communication strategy to the agencies — a key part of the chief privacy officer role.
“Part of the reason [for the change] is so that we can align our resources, communication and get some efficiencies so that we’re not doing a lot of rework, or asking agencies to have the same thing done three separate times,” Pangilinan said.
One of these efficiencies, she said, includes reducing the redundancy of security impact assessments, accessibility assessments and privacy impact assessments conducted by the IT department. And soon, she said, the state will add AI assessments.
“Rather than having all of our separate assessments, we’re putting them all together, so that you only see what the system is once — you only see what the intent is once,” she said. “And if, say, there is no AI component, then that module falls out. You don’t have to do that module. Or if there’s no [personally identifiable information], then you don’t have to do the privacy impact.”
‘Where are the gaps?’
Evans Harris, the state’s new chief data officer, said she’ll help the IT department bridge the space between the data protection practices led by the CISO with the data privacy practices led by Pangilinan. Having a unified technology presence within government will better position the state to implement any new AI solutions.
“I don’t think anybody will question — I hope not — that any AI solution and gen AI solution that is developed and deployed requires trust in the data that feeds it,” Evans Harris said. “As we look at [AI] use cases … we all get to talk about, well, what data is ready to actually support that solution? Where are the gaps? Where are the investments we need to make to make sure that we as a state are ready to leverage gen AI and other innovations as they come up.”
She added that the tech leadership team will regularly consult with Nishant Shah, Maryland’s senior adviser for responsible AI.
Savage, the statewide CIO, said the change will help the leaders better manage outreach to agencies and allow them more influence on gubernatorial policies.
“The State’s operations must be built on the critical pillars of data, privacy, and security,” Savage wrote in an email. “In structuring these roles as dual reports to the Governor’s Office and the Maryland Department of Information Technology, we ensure the highest level of visibility into needed policy and governance reforms that promote the responsible and productive use of technology while providing these Officers with boots-on the-ground resources to drive and implement our products and services.”
