IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Pennsylvania Proposal Would Make CIO a Cabinet Position

Following the lead of Nevada and other states, two state senators say they will introduce a bill giving the state CIO a seat at the cabinet table. The move comes amid growing concerns about cybersecurity.

Some of the least prepared governments, such as Pennsylvania, have repeatedly struggled to balance budgets, even as the economy has recovered.
(David Kidd)
Pennsylvania’s state CIO could get a bigger role and spotlight — and presumably more responsibility for cybersecurity — under a proposal floated by at least two state senators there.

They want to make the CIO into a cabinet-level position.

Other states, including the recent addition of Nevada, have already elevated their CIOs to cabinet status, though not all of those officials directly report to their governors, according to a National Association of State CIOs report.

The Pennsylvania proposal, from senators Kristin Phillips-Hill, R-York, and Tracy Pennycuick, R-Montgomery/Bucks/Berks, has not yet been crafted into a bill. But the idea underscores how important the state CIO has become as public agencies embrace better technology.

“The proposed move aims to enhance the management of critical data, including birth and death records, tax information, criminal lab and evidence data and health records,” reads a statement from the two senators. “Recognizing the necessity for swift decision-making in the ever-evolving tech landscape, the senators support providing the CIO with autonomy, aligning with the successful approach adopted by more than half of states nationwide.”

The proposal comes as state lawmakers investigate “a massive data loss” that hit state police evidence logs and the State Employees’ Retirement System.

The statement said that the administration of Gov. Josh Shapiro, a Democrat, spent $530,000 on an “IT crisis firm” to handle the fallout of that data breach. News reports indicate that state senators are frustrated with the lack of details from the administration about the incident, with Pennycuick saying more hearings are forthcoming.

“The sheer growing scope of responsibility that the chief information officer is tasked with alone warrants (elevation) to the cabinet level,” Pennycuick said in favor of the new proposal. “This move will give the officer more flexibility to ensure that state government is on the cutting edge of the latest information technology.”

Meanwhile, state lawmakers also are looking into other cybersecurity failures.

The official memorandum that Pennycuick and Phillips-Hill submitted in advance of their bill — they said legislation will be introduced in the “near future” — says that more than half of state CIOs have cabinet-level status with “authority over a department, office or agency solely responsible for IT services.”

As for NASCIO, the group has no formal position on CIO reporting structures, “as we have seen CIOs experience great success in many models,” Meredith Ward, NASCIO’s deputy executive director, told Government Technology via email. “However, executive-level support is extremely important regardless of where a CIO sits.”