Prepared for:
CHECO ConferenceHB-1364 Act & Council
Overview
Office of the State Chief Information Officer
2
HB 08-1364 Overview
HB 08-1364 – creation of an interdepartmental data protocol to enable data sharing across agencies for more effective policy-making.
Roots in Governor’s P-20 Education Coordinating Council
Ability to analyze longitudinal data for a variety of purposesMirrors the State’s needs as an enterprise to analyze and determine effectiveness of policies, programs, and resource allocation
Protocols and Procedures to be used in:Collecting dataStoring dataManipulating dataSharing dataRetrieving dataReleasing data
3
1364 Council
Mission is to provide guidance, policies, and procedures for implementing a data sharing architecture across the State enterprise that will achieve the stated goal and objectives of HB 08-1364.
1364 Council Participants – includes executive branch agencies that collect unit records
And others determined necessary by State CIOState, Judicial, LawCommittee representation – DGWG, STRAC
Dedicated Program Manager and Data Architect
4
1364 Council Scope
August 21, 2008 – February 26, 2009Bi-monthly meetings
Unit Records – Records regarding Individuals
Baseline As-Is: one major application per agency (more if possible)SystemDataComplianceProcedures and Governance – leverage work of DGWG Data Sharing – leverage success and lessons learned of current & failed state data sharing initiatives
Benchmark similar work in up to 5 other States
Controls to protect privacy of citizen data
Develop To-Be recommendations
Work with pilot application – State Traffic Records Advisory Committee (STRAC)
5
HB 08-1364 Objectives
Understand and document the data captured, stored and maintained by all State Executive
Branch Agencies;
Understand and document the policies and statutes that currently govern the privacy of
information held by all State Executive Branch Agencies;
Develop an architecture for the development of the data protocol, including data
normalization, identity resolution, and source data authority;
Develop recommendations and identify associated costs for a full implementation of the data
protocol;
Establish the circumstances under which a state agency may release data to a political
subdivision, a nongovernmental entity or an individual;
Develop a governance structure, including processes and procedures, to be used by state
agencies for sharing information with another state agency, with a political subdivision, or
with a nongovernmental entity or an individual;
Establish the format in which a state agency may release data to a political subdivision, a
nongovernmental entity or an individual; and to,
Ensure personal privacy and the protection of personal information.
6
Project Deliverables
Templates and procedures to capture all agency baseline data - done
A comprehensive reporting structure to store and maintain the reported agency baseline data
– in development
A report with the recommendations and strategy to be delivered to the State Chief
Information OfficerSuggested technical architecture and approach
Cost analysis
Timeline for implementation
Recommended governance structure
Policies and procedures to achieve data sharing
Identified statutory/regulatory changes necessary to the success of the data sharing protocol
Other recommendations as needed to facilitate objectives – e.g., data governance process, organization
structure changes, etc.
Final report to be delivered to Governor and Legislature
by State CIO
7
Communications & Subcommittee Structure
1364 Council Communication ToolsSharePoint portal: https://securityportal.isoc.state.co.us/1364 OIT website: www.colorado.gov/oit
Key Initiatives section
Subcommittees - To expedite and facilitate discussion of objectives and
decisioningTechnical – Mike Armbruster (CDOT), Chair
Business – Guy Mellor (CDOT), Chair
Legal – Susan Lin (AG), Chair
8
Subcommittees
9
Technical Subcommittee
Understand and document the data captured, stored and maintained by all State Executive
Branch Agencies;
Develop an architecture for the development of the data protocol, including data
normalization, identity resolution, and source data authority;
Develop recommendations and identify associated costs for a full implementation of the data
protocol;
Establish the format in which a state agency may release data to a political subdivision, a
nongovernmental entity or an individual.
Work with Business and Legal Subcommittees on the following:Does the recommended approach meet business-side needs?
Will in work within the existing structure that exists today? If not, what are recommended changes?
Does the recommended approach meet legal, compliance and privacy requirements?
10
Business Subcommittee
Understand policies and statutes that currently govern the privacy of information held by all State Executive
Branch Agencies;
Understand and document major data sharing initiatives happening today among State Executive Branch
Agencies;
Develop a governance structure, including processes and procedures, to be used by state agencies for
sharing information with another state agency, with a political subdivision, or with a nongovernmental entity
or an individual;
Benchmark the work of up to 5 other states in this area;
Assist Technical and Legal Subcommittees with the following:Develop an architecture for the development of the data protocol, including data normalization, identity resolution, and
source data authority
HELP RESOLVE BUSINESS-SIDE ISSUES
Develop recommendations and identify associated costs for a full implementation of the data protocol
ARE RECOMMENDATIONS REALISTIC?
IS THE TIME FRAME REALISTIC?
WHAT ARE THE POTENTIAL RISKS/ISSUES WITH THE RECOMMENDED APPROACH?
Are the legal, compliance and privacy needs of the agencies being met?
IF NOT, IDENTIFY GAPS
ASSIST IN IDENTIFICATION OF POTENTIAL STATUTORY/REGULATORY CHANGES THAT MAY NEED TO BE
MADE (IF POSSIBLE)
11
Legal Subcommittee
Understand and document the policies and statutes that currently govern the privacy of
information held by all State Executive Branch Agencies;
Establish the circumstances under which a state agency may release data to a political
subdivision, a nongovernmental entity or an individual;
Ensure personal privacy and the protection of personal information.
Assist the Technical and Business Subcommittees with the following:Identify existing statutory/regulatory changes or interpretations that may need to happen (if possible) to
facilitate the implementation of HB-1364.
Does the recommended technical approach stay within Federal and State legal, compliance and privacy
requirements?
Does the recommended governance structure stay within State legal, compliance and privacy
requirements?
12
Baseline Inventory – Systems and Data
13
Taking Inventory of information to formulate the basis for data sharing.
Platform: Hardware, OS Software, Virus Software, network, etc. Application information Database: Database management system Data Elements: Begin the Data dictionary Targeting 1 primary system containing unit data from each agency.
What are we doing?
14
Leverage the work already completed in the government sector
Primary reference models
The Federal Enterprise Architecture1 (FEA)
National Information Exchange Model2 (NIEM)
Adhere as close as possible to the Federal Enterprise ArchitectureFocus on the Data Reference Model3 (DRM) for the unit data elements. Include data component information from the National Information Exchange Model as appropriate.
1 References in this document to the FEA are to FEA Consolidated Reference Model Document Version 2.3 October of 2007.2 References to NIEM include the Introduction to the National Information Exchange Model (NIEM) February 12, 2007, Requirements for a NIEM Information Exchange Package Documentation Specification 2.1 Draft. 3 References in this document to the DRM are to the Data Reference Model Version 2.0 November 17, 2005
What is the approach for gathering the information?
What is the approach?
15
Federal Enterprise ArchitectureFederal Enterprise ArchitectureA Framework for communication.
Purpose: to facilitate cross-agency analysis, duplication, gaps, opportunities for collaboration.
Goal: Better management, communication through common framework and vocabulary.
Method: Five FEA Reference Models
Input Tool: Excel Spreadsheet
What is the FEA?
16
Colorado is standardizing on a best-practice models The FEA is a complete model with specific guidelines for managing sensitive dataNIEM has completed work on Information Exchange PackagesProvides Colorado with compatibility with the Federal GovernmentMany states have adopted the FEA and DRMIt is a relatively mature modelBuild on work done by the Data Governance Working Group
1 References in this document to the FEA are to FEA Consolidated Reference Model Document Version 2.3 October of 2007.
Why the Federal Enterprise Model and NIEM?
Why the FEA?
17
Agency Input: 1.Each agency will create a copy of the Unit Information Data Element Definitions spreadsheet, populate it with information from their primary application that accepts/processes unit data, and upload it to the SharePoint site.. 2.Each agency will copy the System Inventory spreadsheet and populate the copy with information from their primary application that accepts/processes unit data.
Upload: We will upload this data to a DBMS for analysis by the subcommittee. This will give us a base from which to determine how much modeling and transformation work will be needed.
Baseline Data Collection Process
Work is already underway and due by October 30th
18
Questions
[email protected] or 303-866-6280
Next meeting: Sept. 18th
Time: 11 am – 1 pm
Location: CDE, 1560 Broadway