The South Carolina Department of Revenue data breach in 2012 exposed 3.6 million Social Security numbers to hackers. While the rupture was disruptive and damaging to those whose data was compromised, the incident had a silver lining: It helped push forward a complete overhaul of South Carolina’s decentralized IT governance model.
Lawmakers passed the South Carolina Restructuring Act of 2014 earlier this year, giving the governor’s office more executive power. Legislators created a new cabinet agency – the Department of Administration and put state technology underneath the agency’s purview.
In an interview with Government Technology, State Sen. A. Shane Massey, explained that historically, the governor’s office hasn’t had a lot of power in South Carolina. While he felt that separation of powers was “good government,” Massey also believes it led to the Legislature doing “very little to look under the hood” of what’s going on in agencies, including technology issues.
“The hope is that this oversight will allow us to catch problems before they’ve become real problems and avoid some of these things going forward,” Massey said, referring to the 2012 data breach. “My belief is that if we had been doing regular oversight, somebody, somewhere, at some point, would have asked the Department of Revenue about their security. And that would have had them focusing on it before we ever got hacked.”