Donald Gainsborough stands at the intersection of public policy and digital infrastructure as the leader of Government Curated. With a sharp eye for legislative nuance and a commitment to modernization, he has become a pivotal figure in reshaping how government entities handle their most valuable asset: data. His work focuses on navigating the complex tension between the public’s right to privacy and the necessity of high-performance digital services. In this discussion, we explore the evolving landscape of data management, the technicalities of CCPA compliance, and the ongoing cultural shift required to bring state-level data practices into the modern era.
Transitioning an organization toward a data-driven culture often requires more than just new tools. What specific milestones define a successful “culture shift” in government data management, and how are you measuring the resulting impact on inter-departmental collaboration?
A successful culture shift is marked by the moment data moves from being a static departmental asset to a shared strategic resource. We see a significant milestone when agencies move beyond simply collecting text files to actively utilizing first-party cookies to remember user preferences like language or login details. This shift is measured by how seamlessly different departments can interact with shared data frameworks without compromising security. By establishing these internal data standards, we create a environment where collaboration feels natural rather than forced. It is a rewarding process to watch different arms of government begin to speak the same digital language to improve the citizen experience.
Modern digital platforms distinguish between “strictly necessary” cookies and those used for performance or marketing. How do you decide which technologies are essential for site functionality, and what steps are taken to ensure these choices remain compliant with CCPA standards regarding the sale of data?
Deciding which technologies are essential comes down to a fundamental assessment of what the site needs to actually exist and function for the user. We categorize “strictly necessary” cookies as those that handle basic tasks like prompting our cookie banner or remembering a visitor’s privacy choices. Because these specific tools are purely for site health and performance monitoring, they do not fall under the “sale” of data according to CCPA standards. We maintain compliance by being transparent about these first-party requirements and ensuring they aren’t used for external marketing purposes. It is a rigorous balancing act, ensuring that we are following the letter of the law while keeping the digital lights on.
Users are increasingly offered toggle switches to opt out of personalized advertising and social media tracking. What challenges arise when trying to deliver a tailored experience while honoring these privacy selections, especially since these choices are often limited to specific browsers or devices?
The primary challenge is the technical fragmentation that occurs when a user exercises their right to opt out. When a user flips that toggle switch, they are opting out of the “sale” of their personal information and the targeted content that comes with it, but this choice is physically tied to that specific browser and device. We do not track individuals across different devices or various properties, which means a selection made on a laptop doesn’t automatically carry over to a smartphone. This creates a hurdle in delivering a consistent experience, as the user might still see general advertising regardless of their selection. We have to be very clear with our audience that their privacy settings are localized to their immediate environment.
Blocking certain functional or performance cookies can lead to websites not working as intended for the end user. How do you communicate these technical trade-offs to the public, and what metrics do you monitor to ensure site performance remains stable when privacy controls are tightened?
We make it a point to inform users through our preferences menu that while they can set their browsers to block all cookies, doing so will inevitably break certain parts of the site. If a user blocks performance cookies, they might lose the ability to have their login information remembered or find that site navigation becomes clunky. We monitor site traffic and performance metrics closely to see where these “breaks” occur and how they impact the overall user journey. It is vital to point them toward resources like allaboutcookies.org so they understand the trade-off between absolute privacy and a smooth digital experience. Our goal is to provide a stable platform where the user feels in control of the data they share.
What is your forecast for Maryland’s data landscape?
I anticipate that Maryland will move toward an even more transparent and user-centric model where the “culture shift” we are seeing today becomes the standard operating procedure. We will likely see a deeper integration of privacy-first technologies that allow for personalization without the intrusive tracking methods of the past. As we refine how we handle social media and targeting cookies, the focus will stay on providing relevant content while respecting the opt-out choices of every citizen. Ultimately, the future looks like a more streamlined, secure, and respectful digital ecosystem for all Marylanders.
