Conn. Agencies Regs. § 6-38b-25

Current through September 27, 2024
Section 6-38b-25 - Maintenance of personal data
(a) The commission shall strive to collect and maintain all personal data with accuracy and completeness. Any personal data not relevant and necessary to accomplish the lawful purpose of the commission shall be disposed of in accordance with the commission's record retention schedule, or upon permission from the public records administrator to dispose of said records under section 11-8a of the Connecticut General Statutes.
(b) Insofar as it is consistent with the needs and mission of the commission, the commission, wherever practical, shall collect personal data directly from the persons to whom a record pertains.
(c) All employees who function as custodians for the commission's personal data system, or are involved in the operation of such system, shall be given a copy of the provisions of the Personal Data Act, sections 6-38b-22 to 6-38b-28, inclusive, of the Regulations of Connecticut State Agencies, a copy of the Freedom of Information Act and any other state or federal statute or regulations concerning maintenance or disclosure of personal data kept by the agency.
(d) All such commission employees shall take reasonable precautions to protect personal data under their control or custody from the danger of fire, theft, flood, natural disaster and other physical threats.
(e) The commission shall incorporate by reference the provisions of the Personal Data Act and sections 6-38b-22 to 6-38b-28, inclusive, of the Regulations of Connect-icut State Agencies in all contracts, agreements or licenses for the operation of a personal data system or for research, evaluation and reporting of personal data for the commission or on its behalf.
(f) An agency requesting personal data from the commission shall have an independent obligation to insure that the personal data is properly maintained.
(g) Access to the commission's personal data system is available to commission members and employees who require such information in the performance of their official and lawful duties and to such other persons who are entitled to access under law. The commission shall keep an up-to-date roster of commission employees entitled to access to the commission's personal data system.
(h) The commission shall ensure against unnecessary duplication of personal data records. In the event it is necessary to send personal data records through interdepartmental mail, such records shall be sent in envelopes or boxes sealed and marked "confidential," where such records are required by law to be kept confidential.
(i) The commission shall ensure that all records in its manual personal data system are kept under lock and key, and, to the greatest extent practical, are kept in controlled access areas.
(j) The commission shall, to the greatest extent practical, locate automated equipment and records in a limited access area.
(k) To the greatest extent practical, the commission shall require visitors to such area to sign a visitor's log and permit access to such area on a bona-fide need-to-enter basis only.
(l) The commission, to the greatest extent practical, shall ensure that regular access to automated equipment is limited to operations personnel and other authorized persons.
(m) The commission shall use appropriate access control mechanisms to prevent disclosure to unauthorized individuals of personal data required to be kept confidential by law.

Conn. Agencies Regs. § 6-38b-25

Adopted effective November 4, 2002