CHARLESTON, W.Va. – Gov. Jim Justice signed Executive Order No. 3-17 on Thursday, May 18, 2017, which directs the West Virginia Board of Risk and Insurance Management (BRIM) to protect personally identifiable information, including protected health information, collected and maintained by Executive Branch agencies. It also directs the Chief Technology Officer (CTO), who oversees the West Virginia Office of Technology, to conduct cyber risk management oversight in the identification, analysis and decision making process to ensure cyber security protections.
As part of the Executive Order, BRIM will maintain the State Privacy Office, which was previously organized under the Department of Health and Human Resources’ Health Care Authority, and will be responsible for issuing privacy policies, providing awareness and conducting assessments. A Privacy Management Team will be maintained, comprised of appointed representatives from all Executive Branch department-level organizations.
“Incorporating the State Privacy Office into the organization of BRIM is an efficient and logical blending of core functions since BRIM already exists to protect the state against risks and has been instrumental in enabling West Virginia to be one of the first states to administer cyber-liability insurance for its government agencies,” said Cabinet Secretary John Myers of the Department of Administration. BRIM and the Office of Technology are organizationally structured under the Department of Administration.
The CTO is empowered by the Order to develop and oversee a Cyber Security Program, which will encompass a Cyber Security Team to inform strategy and advance governance, create technology focused workgroups to conduct cyber security training, issue cyber security policies and baselines indicating minimum levels of cyber security protection, and conduct or oversee cyber security risk assessments.
“The importance of protecting our state’s systems against cyber security threats is crucial. The CTO will heighten his organization’s role in providing more outreach to our employees and citizens to ensure awareness against these risks,” Secretary Myers added.
Click
here to see the signed Executive Order 3-17 for additional information.