Recording:

This is the Peers In Public Records Podcast with Jen Snyder, brought to you by GovQA.

Jen Snyder:

Thank you for joining us today on our PIP, our index with GovQA. I am thrilled to be joined today by Rita Reynolds, the CIO from NACo. And we are hoping today that we can bring to the table some great conversation around best practices in the government space, especially as it focuses on our counties today. And we also want to make sure that we can talk about what the 2022 priorities are going to be. And what’s changed? What’s staying the same, from last year to this year? This upcoming year, I should say.

Jen Snyder:

So we’re hoping that you’re going to walk away with some ideas on how you can improve your organization’s processes today, and goals, and as well as prepare for what seems to be important to the counties today, for 2022.

Jen Snyder:

Rita, thank you for joining us. If you want to take a second to say hello to our audience?

Rita Reynolds:

Sure. Thank you so much for having me. I appreciate the opportunity to speak with you, Jen, and on behalf of the National Association of Counties, and really on behalf of our county IT leaders. I’ve been with NACo quite a while, but I’ve also worked in local government for decades. And I’ve had the pleasure to work with so many different county IT leaders across the United States. So it’s very near and dear to my heart when it comes to technology and the challenges and opportunities that are before us even yet today and into the future. So thank you for having me.

Jen Snyder:

Yes. Thank you. So why don’t we start with a little bit of a focus on what the priorities are for 2022, and then we’ll tie in our best practices as we see those appropriately fitting into what some of these priorities are. And I know, from a priority perspective, you guys have quite a big list for next year.

Rita Reynolds:

We do. And it’s building off of the existing list that we used in 2021. And the list comes from not just my thinking of what’s important, but listening and hearing what county IT leaders have to say, and also our elected officials as it pertains to technology.

Rita Reynolds:

Of course, I would be remiss to not start with cybersecurity. Cybersecurity services across the board are very necessary and needed, and is an ever-evolving landscape when it comes to the cyber attacks that counties are faced with. So that is a priority. And I know we’re going to delve into that a little bit more here, in a bit.

Rita Reynolds:

But also IT leadership, talent recruitment and retention is extremely important now, even more so than it was before, because of something you and I talked about previously, and that’s the great resignation, of what this year is being called and into next year. A lot of our staff in many industries is taking a step back and saying, “What do I want to do for over the next 10 years?” And they’re leaving their positions that they’re in. And that’s making it even harder for local government, because some are leaving the positions, some are going to other organizations more so than they were before.

Rita Reynolds:

Of course the entity within NACo that I work with, we call it the NACo Tech Xchange. It’s a network of networks which connects county IT leaders is a priority. We have over 700 members and we’re continuing to grow that. More specifically though with counties and their priorities is data governance. That’s very critical and even more so, and actually we’ll pertain to some of the questions that you’re going to present here in a little bit. But we only are as good as what we know and where that data is.

Rita Reynolds:

And it’s not as simple as it was 20 years ago when it was in a file cabinet. Broadband is another focus or another priority. Cloud adoption, for sure, as counties continue to move to a managed solution in the cloud. And then rural and smaller county technologies support. Many of our counties more so than not are in a rural area are small in size, but they still have the same problems to deal with. So we have some projects that are going to be coming up in 2022 to help address that and provide additional resources. So I’ll stop there. There’s one or two other things, but these are the main priorities that we will be focusing on in 2022 on behalf of counties.

Jen Snyder:

So Rita, when you talk about cybersecurity, I know there’s a couple of things that you and I have talked about.

Jen Snyder:

One being the need for cloud-based solutions, data governance, multifactor authentication. Those seem to be some areas that are really going to be important as we move forward. And it seems to be something that is also affecting our counties financially, because if they don’t adopt these things and put some some processes and some products in place, they risk the fact that they’re going to pay more in insurance than they do today, or have been doing.

Jen Snyder:

Is that correct?

Rita Reynolds:

That it is correct. We are definitely seeing a lot of conversation, both from the counties as well as insurance providers. And it has to do with the fact that when you look at what’s called the actuarial reports, there’s decades of that type of information for auto and property and casualty, but there’s not for cyber. And what you’re seeing in recent years is the increase in cyber attacks and the increase in ransomware. And the insurance industry is trying to course correct, which makes complete sense.

Rita Reynolds:

The other part of it is that insurance industry recognizes that the risk will go down if certain basic priorities, cyber protections are in place, especially with local government. So they’re requiring that now where they weren’t requiring certain things before. Multifactor authentication is number one. And if you’re listening today as a county and you haven’t come up to your insurance renewal, I would encourage you to start having the conversation because that’s what you’re going to hear. Your premiums are going up with cyber insurance. And even if you have multifactor in place, they’re still going to go up, but they’re going to go up a whole lot more depending on what you have in place there. And if you don’t have multifactor in place at all, there are a number of insurance providers that are saying, “We’re not going to even provide the coverage.” So that creates a very difficult situation if you’ve had cyber insurance up until this point.

Rita Reynolds:

I would say as well that secure end user is important in that realm. And lastly, ongoing and frequent education on cyber best practices. Those are the three that I’ve heard repeatedly are showing up in those forms that you fill out for cyber insurance applications.

Jen Snyder:

Excellent. And I can attest to that. I know our organization ourselves have to go through very formal training every single year and have it authenticated by a third party to make sure that, we, as as an organization are following the rules that we say are in place for our software and the way we behave with it.

Rita Reynolds:

Absolutely.

Jen Snyder:

So when we talk about the cyber issues, and obviously one of the big things that was on your list was cloud adoption and bringing everything out to the cloud, which can add some additional layers of security if done correctly.

Jen Snyder:

But what that also does is adds a level of assistance to your retention schedules. I know when people are still using paper files and they’re in boxes and file cabinets, it’s very hard to go back and manage a retention schedule. But when you start to level in digitized documents and software and the cloud itself, you really have an opportunity to build on those retention schedules. And as much as they’re going to be varied by the different types of documentation, I think there’s still some folks who aren’t sure what to do with some of it.

Jen Snyder:

And I know you and I had talked about email, and I think that’s a big problem across the country.

Rita Reynolds:

Absolutely.

Rita Reynolds:

And first of all, open records requests and public records, that’s been a priority and in place for quite a while. And in each state the process or procedure, it can vary, but ultimately, if you get a public records request based on what that is defined as, you have to be able to respond to it within a certain timeframe.

Rita Reynolds:

And one of the early on approaches when it came to email was, “I’m just going to keep email forever.” As we fast forward into best practices and conversations, the direction is, we really probably need to rethink, are we keeping in email forever? So go back to the retention policy and the schedule, looking at that what’s important from a regulatory perspective is that whatever you have in writing, you’re following. So if you’re going to pick six months, two years, being able to enforce that across the county, that county staff and your automated systems are following that is really important. I’ve seen recent conversations because it’s being revisited in the environment that we’re in, because, I would guess we have more history here from the county perspective when it comes to actually filling or fulfilling open records or public records requests.

Rita Reynolds:

It’s time consuming when you start keeping records forever or emails just cart blanche, “We’re going to keep all these emails forever.” And the reality is that retention policies with timeframes, they’re there to protect the county, of course. If you have a policy in place and you don’t have it beyond seven years, you don’t have to produce it. You can’t produce it and you’re covered. It also protects employees because they’re clear on how long their information’s being kept within the county, but they also have clear guidance then on how long they should be keeping certain records. And hopefully, it’s automated, because we all know retention can be automated.

Rita Reynolds:

And then finally, and really more importantly, is that it does protect the resident or the requester of the information and/or the requester of the information because as we were talking, there’s some things that could have happened 10 years ago or 15 years ago, and they’ve been addressed, put bed and you don’t need to bring that back up again.

Rita Reynolds:

So revisiting how long you’re keeping email is really one of the best places to start and have a little bit more defined retention schedule on. And I would encourage everyone go back, look at your retention schedules and see what you have for email and have that conversation. You can have an approach where we’re going to keep email for two years and have an exception or two, except in the case of, and maybe that’s HR or another category.

Rita Reynolds:

But at least have that conversation with your stakeholders outside of the IT department.

Jen Snyder:

That’s a great point, Rita and I want to add one more point here, which would be the financial piece of it. So if you are holding onto information that you don’t need to be holding onto anymore, you are actually putting yourself at risk because someone could be requesting something that then all of a sudden, because you don’t have a consistent policy, there’s going to be challenges.

Jen Snyder:

Why did you get rid of one thing and not the other? So you’ve got some risk there. And then there’s a financial burden that is added to the county because you have staff who is doing things that shouldn’t really need to be done anymore. So that’s causing a financial burden there as well. So just to broaden the landscape a little bit, there’s a lot involved in not having that really good and consistent retention schedule.

Rita Reynolds:

Yeah. And just ahead of thought here, Jen, think of this. So if you have, and I’m going beyond email right now-

Jen Snyder:

Mm-hmm (affirmative).

Rita Reynolds:

I could include email, but use the court’s records for examples. Like maybe you’ve got 10, 15 years of course records and you have to keep them that long. And in that case, some things you have to keep longer.

Rita Reynolds:

And when you get a public records request, they can make the request and then the county has to do redaction or perhaps they’ve already done redaction. Depending on how old those records are, there’s electronic records, your redaction tool could have changed. So now you’re adding additional burden and workload to the processes to ensure that whatever you’re providing back out to the requester still meets current rules, regulations, and the software can do the redaction. I just had that thought.

Jen Snyder:

Yep. No, and I would completely agree because I think one of the things I’ve seen in the public record space specifically is that it has been changing at a very quick rate as to what can be released, what’s going to be a public record moving forward and a lot of change in that space. So if you’ve kept things unnecessarily that you don’t need to keep, and now the legislation has changed and it’s now a public record, now you have to produce it.

Jen Snyder:

So that retention schedule is really key.

Rita Reynolds:

Absolutely.

Jen Snyder:

I also wanted to make sure that we talked a smidge about the resources that you have. I know you have something that the counties and local government in general have been using to kind of help them put some policy in place around technology and what it should look like. Do you want to talk a little bit about that?

Rita Reynolds:

I think you’re referring to our priorities. Oh, a couple things. First, NACo works with county IT leaders earlier in 2021 summertime and we put together a publication called NACo Cyber Security Priorities and Best Practices. If you Google that, just put that in the Bing or Google search, it’ll come right off the link. And that publication contains about 11 different cybersecurity priorities specifically. And it’s funny because when we put it together, it was done with input from county IT leaders, other national associations, as well as other national agency input and best practices.

Rita Reynolds:

So think Department of Homeland Security, CISA, the Cybersecurity and Infrastructure Security Agency, the Multi-State Information Sharing and Analysis Center, and then regulations, NIST and some other resources when it comes to what should be in place if it’s criminally protected data, [inaudible 00:15:04] data, things like that.

Jen Snyder:

Mm-hmm (affirmative).

Rita Reynolds:

And these 11 priorities have had so much influence when it comes to conversations with legislature, with other national associations and counties taking this publication sitting down with their elected officials, as well as their other department heads to say, “These are priorities. This is something that was put together by counties, that the National Association of Counties has compiled, and they are absolute priorities we have to address.” Everything from multifactor authentication to the .gov domain and monitoring things like that. And having that publication to sit and have the conversation with elected officials, for example, it helps the county prioritize their budgetary requests as well as improving their cyber defenses.

Rita Reynolds:

So thankfully you asked me about that. That’s a really important resource available to counties. And then in the coming months, we are working on what we’re calling technology layman’s guides for elected officials around a number of areas, including cyber. So it’s going to take those priorities and do a deeper dive of questions, but also around budgeting and procurement and workforce recruitment and retention, because that is a challenge as well. And I want to tie back to data governance there. How we train the county workforce and help them understand the importance of records, requests and where you’re storing records, things like that, become really important. And we’re going to be delving into that in the coming months. If a county IT leader is a member of the Tech Xchange, they’ll see those announcements. Here, if you’re interested, you can go to NACo and search for Tech Xchange, X-C-H-A-N-G-E, without the E.

Rita Reynolds:

And you’ll get more information on that. So those are the three resources that I would the want to highlight. So thank you for asking.

Jen Snyder:

No, absolutely. Because I think those for me are best practices. When you can learn from your fellow peers and you can build upon that and you’ve got some basic standard guidelines and ideas, it really kind of helps jumpstart what’s going to be your move forward. And I think some of the resources that you described actually help you write a business plan. Right?

Rita Reynolds:

Absolutely.

Jen Snyder:

You have a strategic plan of things that you need to improve upon because as we know, technology is ever changing and this gives you a great way to put that framework in place and present what needs to be presented in a very professional manner.

Rita Reynolds:

Yeah. And Jen, I do want to mention as well, the fact that you and I, and I’ve had this with other partners in our corporate space, the conversation about we’re starting to see questionnaires before we sign contracts. Questionnaires on how we, as a partner, keep information secure. And that’s another area where we have some templates for counties to use on the type of questions to ask. But there’s a whole lot of different varieties of questionnaires out there, and they’re all asking the same thing.

Rita Reynolds:

So I want to thank you for being willing to fill all those out as you get them. It’s important for us as counties to know that our partners are taking cybersecurity serious as well. So thank you.

Jen Snyder:

Oh, absolutely. And I can pile onto that and say that as a provider of technology in the government sector, we see that trend just growing rapidly. We’re seeing it in different states and states that didn’t have it, are now having it. And then it’s coming down to our local cities and counties and they’re creating their own.

Jen Snyder:

So the fact that you have those resources out there for them to kind of jumpstart is in my opinion, huge. I think as we wrap up here, I wanted to just touch one second on complexity. So we’ve talked a lot about all of these different things and what they basically tell us is that complexity is on the rise. This area of technology and information governance, and all things associated to it, including public records, all of that is adding a level of complexity that really makes it important for us to look at those types of resources and look at how we’re doing things today and are we scalable? And are we secure? And really use those questions in your head to start to build the plan. And I can tell you based on some information that’s out on my website, which is govqa.com, you can see some information out there that basically addresses what we’ve been talking about today, which is the complexity in a lot of these areas.

Jen Snyder:

And overall, we have seen complexity grow to about 173% from Q1 in 2018, the complexity rate has gone up 173%. And it has been trending in that direction for years. So we don’t believe that’s going away. So being able to leverage all this information and a great organization like NACo and all of their resources, I think is a great start to building your plans for the future and being prepared for what’s going to need to be scalable.

Rita Reynolds:

Absolutely. And I could just add to that more reasons why internet acceptance and the use of technology which has been fueled by the pandemic and the inability to travel and even make it to the courthouse and factor in our younger generations that are now adults in the workforce.

Rita Reynolds:

And then finally, the recognition that data, data driven decisions are so important to being efficient and moving local government forward in a more cost effective, but a more focused manner that’s going to meet citizen needs. So real quick, like I said, four bullet point there on that complexity.

Jen Snyder:

Absolutely. Thank you, Rita. Any parting thoughts before we wrap up today’s podcast?

Rita Reynolds:

Absolutely. I want to share something I shared earlier. This [inaudible 00:21:18] up on our Tech Xchange in discussions and I’m seeing counties have success, and I want to provide a quote in closing. And that it goes back to the fact that data is so important. This one county said, “We know that the appetite for data is growing. So we are trying to steer the ship. We don’t want to end up having too many department solutions to the problem.” That’s the end of the quote.

Rita Reynolds:

And the other parts of it are, “Working to be focused and make sure there’s good governance in place.” And that’s really, I think part of why we wanted to do this conversation today is take a step. It doesn’t have to be a big step. But take a step in data governance.

Jen Snyder:

Absolutely. I completely agree. And once you had that data governance in place, it really helps you plan that retention schedule and know what you have. So I think it’s great. Rita, I cannot thank you enough for joining us today. I hope everyone has enjoyed this PIPR podcast today. GovQA, thanks to you. We invite you to come out to our website or to NACo’s website and take a look at all the resources that are out there. There are tons. And with that, I’m going to go ahead and close out our podcast today. Everyone, have a wonderful day and stay safe.

Recording:

Thank you for listening to the Peers In Public Records Podcast. To continue the conversation and learn more about public records, visit us at govqa.com or follow us on LinkedIn and Twitter.