45 CFR § 307.13 - Security and confidentiality for computerized support enforcement systems in operation after October 1, 1997.

§ 307.13 Security and confidentiality for computerized support enforcement systems in operation after October 1, 1997.

The State IV-D agency shall:

(a) Information integrity and security. Have safeguards protecting the integrity, accuracy, completeness of, access to, and use of data in the computerized support enforcement system. These safeguards shall include written policies concerning access to data by IV–D agency personnel, and the sharing of data with other persons to:

(1) Permit access to and use of data to the extent necessary to carry out the State IV–D program under this chapter;

(2) Specify the data which may be used for particular IV–D program purposes, and the personnel permitted access to such data;

(3) Permit disclosure of information to State agencies administering programs under titles IV (including Tribal programs under title IV), XIX, and XXI of the Act, and SNAP, to the extent necessary to assist them to carry out their responsibilities under such programs in accordance with section 454A(f)(3) of the Act, to the extent that it does not interfere with the IV–D program meeting its own obligations and subject to such requirements as prescribed by the Office.

(4) Prohibit the disclosure of NDNH, FCR, financial institution, and IRS information outside the IV–D program except that:

(i) IRS information is restricted as specified in the Internal Revenue Code;

(ii) Independently verified information other than financial institution information may be released to authorized persons;

(iii) NDNH and FCR information may be disclosed without independent verification to IV–B and IV–E agencies to locate parents and putative fathers for the purpose of establishing parentage or establishing parental rights with respect to a child; and

(iv) NDNH and FCR information may be disclosed without independent verification to title IV–D, IV–A, IV–B and IV–E agencies for the purpose of assisting States to carry out their responsibilities to administer title IV–D, IV–A, IV–B and IV–E programs.

(b) Monitoring of access. Monitor routine access to and use of the computerized support enforcement system through methods such as audit trails and feedback mechanisms to guard against, and promptly identify unauthorized access or use;

(c) Training and information. Have procedures to ensure that all personnel, including State and local staff and contractors, who may have access to or be required to use confidential program data in the computerized support enforcement system are:

(1) Informed of applicable requirements and penalties, including those in section 6103 of the Internal Revenue Service Code and section 453 of the Act; and

(2) Adequately trained in security procedures; and

(d) Penalties. Have administrative penalties, including dismissal from employment, for unauthorized access to, disclosure or use of confidential information.

[63 FR 44816, Aug. 21, 1998, as amended at 73 FR 56445, Sept. 26, 2008; 75 FR 81908, Dec. 29, 2010]