Conn. Agencies Regs. § 19a-401-30 - Maintenance of personal data
(a) Personal data
shall not be maintained unless relevant and necessary to accomplish the lawful
purposes of the Office. Where the Office finds irrelevant or unnecessary public
records in its possession, the Office shall dispose of the records in
accordance with its record retention schedule and with the approval of the
Public Records Administrator as per section
11-8a
of the Connecticut General Statutes, or, if the records are not disposable
under the records retention schedule, request permission from the Public
Records Administrator to dispose of the records under section
11-8a
of the Connecticut General Statutes.
(b) The Office shall collect and maintain all
records with accurateness and completeness.
(c) Office employees involved in the
operations of the Office's personal data systems shall be informed of the
provisions of:
(1) the Personal Data Act;
(2) the commission's regulations
adopted pursuant to section
4-196
of the Connecticut General Statutes;
(3) the Freedom of Information Act and
(4) any other state or federal
statute or regulations concerning maintenance or disclosure of personal data
kept by the Office.
(d)
All Office employees shall take reasonable precautions to protect personal data
under their custody from the danger of fire, theft, flood, natural disasters
and other physical threats.
(e) The
Office shall incorporate by reference the provisions of the Personal Data Act
and regulations promulgated thereunder in all contracts, agreements or licenses
for operation of a personal data system or for research, evaluation and
reporting of personal data for the Office or on its behalf.
(f) The Office shall insure that personal
data requested and received from any other agency is maintained in conformance
with the Personal Data Act.
(g)
Only Office employees who have a specific need to review personal data records
for lawful purposes of the Office shall be entitled to access to such records
under the Personal Data Act.
(h)
The Office shall insure that all records in manual personal data systems are
kept under lock and key and, to the greatest extent practical, are kept in
controlled access areas.
(i) With
respect to automated personal data systems, the Office shall:
(1) to the greatest extent practical, locate
automated equipment and records in a limited access area;
(2) to the greatest extent practical, require
visitors to such area to sign a visitor's log and permit access to said area on
a bona-fide need-to-enter basis only;
(3) to the greatest extent practical, insure
that regular access to automated equipment is limited to operations
personnel;
(4) utilize appropriate
access control mechanisms to prevent disclosure of personal data to
unauthorized individuals.
(j) Records for each personal data system are
maintained in accordance with schedules prepared by the Connecticut State
Library, Department of Public Records Administration and records retention
schedule as approved by the Public Records Administrator as authorized by
section
11-8a
of the Connecticut General Statutes. Retention schedules shall be maintained on
file at the Office and may be examined during normal business hours.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.