Current through Register 1536, December 6, 2024
Section 2.08 - Disclosure of Personal Data to the Attorney General(1) Where a suit (or legal proceeding) has been threatened or instituted by a data subject against the Department of the State Auditor or against any official or employee of the Department, arising from his or her official duties or scope of employment, any personal data concerning the data subject, held by the Department that is or employs a party to such suit (or legal proceeding), which is relevant to a determination of the issues in dispute, may be furnished to the Attorney General, or authorized assistant attorney general, who may further disclose such personal data to the extent he or she deems necessary for purposes of representing the defendant(s), subject to the following conditions: (a) Disclosure shall be furnished in response to a written or oral request from the Office of the Attorney General, which shall indicate the purpose for which the personal data is requested and describe, with particularity, the data requested; and(b) Personal data of persons not party to the litigation (or legal proceeding) will be redacted in order to protect the privacy interests of such persons.(2) In the event that a personal data system maintained by the Department of the State Auditor, to carry out its functions, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising under a statute or a regulation, rule, or order issued pursuant thereto, the relevant data may be referred to the Attorney General in order to enforce or implement the statute or a regulation, rule, or order issued pursuant thereto, or to investigate or prosecute such violation.(3) Nothing in 965 CMR 2.08 shall be construed to authorize the Department of the State Auditor to release information the disclosure of which is prohibited by any statute other than the Fair Information Practices Act, M.G.L. c. 66A.