Determined to thwart cyber attacks, the Board of Supervisors voted to establish strict security standards for confidential and sensitive information handled by Los Angeles County contractors and subcontractors. It is the first in the nation to take such comprehensive step in data protection.
The new policy comes just months after Los Angeles County encrypted all 88,392 of its desktop computers.
Supervisor Mark Ridley-Thomas authored the motion that prompted both of those efforts to safeguard personally identifiable information and protected health information.
“Efficient, reliable, useful, modern, quality and secure Information Technology systems are a critical component of good government,” he said. “Our security and quality safeguards need to keep up with the increasing cyber-security threats.”
County Chief Executive Officer Sachi Hamai recommended the new policy, saying it “reduces our overall risk of a data breach.”
Sophisticated encryption software and tools will add security layers to protected Personally Identifiable Information, which includes social security numbers, names, home addresses, phone numbers, credit card numbers and biometric records. It will also secure Protected Health Information, which applies to data about a person’s physical or mental health condition as recorded by a healthcare provider, health plan, public health authority, employer, life insurer, school and other entities.
Over the years, Supervisor Ridley-Thomas has put in motion several efforts to upgrade and secure the County’s Information Technology systems, including:
• requiring regular audits for IT safety
• consolidating 49 separate data centers into one centralized location
• creating a centralized electronic health record system for the Departments of Health, Public Health, Mental Health and Public Safety; and
• fostering accountability and transparency by creating a state-of-the-art Open Data website where residents can access information ranging from restaurant ratings to crime statistics to county expenditures.