While growing numbers of state governments are discovering the value of interagency data-sharing initiatives, they also are discovering that implementing these initiatives can be challenging. In integrating their data, agencies are facing legislative, privacy and technical barriers. With the right tools, support and expertise, however, these challenges can be overcome.


Creation of data-sharing policies can be time-consuming and complex, calling for the enactment of new legislation. To clear the way for data sharing in Illinois, for example, the state Legislature passed a bill creating an open data platform as well as regulatory architecture. Other states have taken similar steps before launching data-sharing initiatives.


Protecting the privacy of data and the people it is about requires protocols that those agencies sharing the data agree to follow. Establishing appropriate protocols will take research as well as an understanding of applicable state and federal laws. A variety of laws may apply, depending on the data shared and the state in which it is shared. Here are a few examples:

  • Federal HIPAA provisions protect the privacy and security of personal health information (PHI) and allow regulators to impose criminal and civil penalties for violations. If PHI is compromised in a data breach, covered entities must provide notice according to federal guidelines.[1]
  • CFR-42 restricts the disclosure and use of patients' alcohol and drug abuse records, including prognosis, diagnosis, and treatment information.[2]
  • The Federal Trade Commission (FTC) Act prohibits unfair and deceptive practices. It applies to offline and online privacy and data security policies. The FTC has brought enforcement actions against companies for failing to comply with posted privacy policies and for the unauthorized disclosure of personal data.[3]
  • The FTC also enforces the Children's Online Privacy Protection Act, which covers online collection of information from children.[4]
  • Many states also have enacted laws that protect personal data. Organizations that collect personal information online from California residents, for example, must comply with the California Online Privacy Protection Act.[5]


State agencies today use diverse database platforms. They also have diverse data models, which determine how data is captured and structured and how data elements relate to one another. The data is also likely to be varying quality.

All data integration projects, including those taking place in the private sector, face similar technical challenges. They are particularly complex when integration takes place across government agencies, because each agency historically has followed its own standards regarding data collection and design. Before an integration project gets under way, these inconsistencies will need to be remediated.

An effective strategy for establishing an integrated data platform also requires analysis, governance and technical expertise. In an upcoming blog, we'll discuss those three components in greater detail.

For more information about data sharing across state agencies, download my recent white paper:

Data Sharing Across State Agencies: Improving constituent services, enhancing policymaking and reducing costs.

About the Author

Gabriella Lively

Gabriella Lively is an IT professional with expertise in state government and the healthcare industry. She has experience in data warehousing, data engineering, data analytics, and business intelligence. Ms. Lively has helped a variety of clients utilize their existing data more efficiently to drive business planning and make more informed decisions through the integration of disparate systems and the implementation of analytic solutions to report, monitor, and predict outcomes.

[1] http://us.practicallaw.com/6-502-0467

[2] https://www.law.cornell.edu/cfr/text/42/part-2/subpart-A
[3] http://us.practicallaw.com/6-502-0467

[4] http://us.practicallaw.com/6-502-0467

[5] http://us.practicallaw.com/6-502-0467