I. The data privacy and information technology security governance board shall: (a) Meet at least 3 times a year and post public facing meeting minutes within 2 weeks of the completion of each meeting on the department's web page. (b) Become educated in what data governance means, how it will work for the organization, and what it means to embrace data governance and activate enterprise data stewards. (c) Actively promote improved data governance practices across the department. (d) Identify and approve of pivotal data governance roles and responsibilities for the department including cross-enterprise domain stewards and coordinators. (e) Advise, review, and approve the department's data control, governance, and privacy practices in compliance with federal and state law and federal and state information privacy and security policies, with the goal to meet or exceed private market benchmarks for governance, risk management, and compliance. (f) Drive strategic and timely implementation of a department-wide privacy policy, related procedures and processes to operationalize policy-derived controls, and effective risk management methodologies, including industry standards such as privacy impact assessments and privacy by design. II. The data privacy and information technology security governance board may solicit information from any person or entity the board deems relevant to its quest.
‹ Prev All New Hampshire sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.