As federal agencies find themselves awash in data collected through far-flung cloud, mobile and sensor-enabled IT systems, the CIO has a pivotal role to play in establishing sound governance structures.
"I think it is the CIO's ultimate responsibility to ensure that the data is accessible and that it's secure," Todd Simpson, CIO at the Food and Drug Administration, said during a recent panel discussion hosted by Federal News Radio.
"Ultimately accountability really comes back to the CIO," adds Maria Road, CTO at the Department of Transportation.
But what those governance policies should look like, and how to define the roles of various leaders throughout the organization, can be harder challenges to solve.
Data ownership remains top issue
Despite the White House mandates to move toward open, machine-readable data, a culture of siloed, proprietary data ownership that runs counter to the ethos of openness and shared assets persists in many agencies.
"You know how government works," says Ann Dunkin, CIO at the Environmental Protection Agency. "Folks in those stovepipes feel like they own that data."
Data ownership -- perhaps the crux of the governance challenge -- has proved a thorny issue that can create friction between the IT division and business units, or between one fiefdom within the agency and another.
So with data piling up in all corners of the government, it's no wonder that more agencies are creating positions with titles like chief data officer, often talked of as the newest role in government IT. The Department of Transportation hired a data chief last summer, as part of a series of "steps to get our arms around the governance," Roat explains.
Federal IT insiders only expect that trend to continue as the data keeps rolling in and agencies devise new ways to glean insights from an increasingly valuable asset.
"It's very clear that data is the lifeblood of government," says Melvin Greer, senior fellow and chief strategist at Lockheed Martin, the largest IT vendor serving the federal government.
But the EPA's Dunkin highlights the challenges that face the CIO in playing a coordinating role that balances the security and privacy concerns of maintaining large stores of data with ensuring that that information remains available and useful to the business lines of the agency.
"It's pretty similar in all the agencies, so the CIO has responsibility for data in general, so overall that responsibility resides with the CIO," Dunkin says.
"There's a component related to security, so the CISO has a tremendous amount of responsibility for making decisions about how secure a particular dataset needs to be in consultation with the folks in the program who own that data, who collect that data, who manage the systems. And finally our privacy officer obviously ... weighs in," she adds. "Both privacy and security again roll right up to the CIO, but there are others within the agency who have authority and responsibility to implement those things, so our privacy folks our security folks and then the programs are all looking at that data together to determine how secure it should be, what the risks are, where it should be stored."