Michele Jones has been CPO in New York state for about two months. She said her appointment to the executive leadership team of the Office of Information Technology Services (ITS) signals the beginning of New York’s efforts to formalize its privacy practices.
During the NASCIO panel, Texas Privacy Officer and Assistant General Counsel Jennie Hoelscher said that five states have comprehensive privacy legislation on the books. A proposed federal law, the American Data Privacy and Protection Act (ADPPA), recently moved to the House floor, but both Hoelscher and fellow panelist Laura Gomez-Martin, Maryland CPO, are doubtful it will pass this year.
Similar to Europe’s General Data Protection Regulation (GDPR), which went into effect in 2018, ADPPA would limit what data companies collect from customers to what it deems reasonable. It would also supersede legislation in those five states that already have their own. Places like California, where an aggressive privacy protection law is in place, don’t think ADPPA goes far enough to restrict personal data collection.
Like Hoelscher and Gomez-Martin, New York CPO Jones thinks that a federal law would make protecting privacy easier. “It would certainly be helpful if we could have a uniform approach at the national level so that we could standardize on our process for the states,” she said.
In the meantime, however, Jones is working with her colleagues at ITS to adopt a privacy standard for the state and establish a strategic plan to keep New Yorkers’ data safe.
