Audit: State Should Create a privacy office

The state: Oregon

Why is a state privacy office necessary?

• state agencies collect a lot of personal information
• there is no consistent statewide policy unhanding personal information
• state must ensure that privacy risks are identified and managed
• state must ensure there is a process to handle security incidents

A fragmented system relying on each agency to protect data separately falls short in protecting personal data

What does Oregon have in place? Enterprise Information Services, a statewide data and information systems agency

How many states have a single point in charge of protecting personal data? 15

Statesman Journal | Audit suggests state take this step to protect Oregonians’ personal information