What Is Government's Responsibility When a Breach Hits?

Alaska’s inaugural CISO Shannon Lawson and CIO Bill Vajda weigh in on what government should do in the event of a cyberincident.

From left, Alaska Chief Information Security Officer Shannon Lawson and Chief Information Officer Bill Vajda
AUSTIN, Texas — Some of the criticism of Equifax's handling of its recent data breach centered around the time that passed between when the company first became aware of the incident and when the news got out months later. CIOs at the annual NASCIO conference in Austin this week offered their takes on the fallout from the breach. 

"It's something that shakes all organizations to the core, government in particular," said Alaska CIO Bill Vajda. 

But what are the rules when it comes to notifying customers that their data has been exposed?

"Communication is really important when you're talking about breaches or incidents," said Lynne Pizzini, Montana chief information security officer (CISO), in an interview with Government Technology. "I believe organizations really do need to have a very firm plan on how they're going to carry out any type of notification after an incident."

Vajda, joined by Alaska's newly named (and first ever) CISO Shannon Lawson, explained the responsibility of the public sector when a cyberincident takes place.

Noelle Knell is the executive editor for e.Republic, responsible for setting the overall direction for e.Republic’s editorial platforms, including Government Technology, Governing, Industry Insider, Emergency Management and the Center for Digital Education. She has been with e.Republic since 2011, and has decades of writing, editing and leadership experience. A California native, Noelle has worked in both state and local government, and is a graduate of the University of California, Davis, with majors in political science and American history.