Utah Admin. Code R356-12-5 - Safeguarding Data
(1) The commission
shall provide a secure transfer method for an agency to send data to the
commission.
(2) The Commission
shall implement and maintain administrative, technical, and physical safeguards
necessary to protect the confidentiality of data and to prevent the
unauthorized use or access of data.
(3) The commission shall ensure that data is
only accessible to individuals who have an actual and legitimate need to access
or use data.
(4) The commission
shall require any agent or subcontractor who may need to access data to agree
in writing to be subject to the same restrictions and conditions regarding data
as the commission.
(5)
(a) The commission shall promptly report to
an agency any:
(i) unauthorized access,
acquisition, disclosure, loss of access, or destruction of data; or
(ii) interference with or compromise of the
security, confidentiality, availability, or integrity of any computer systems
involving data.
(b) The
commission shall take reasonable steps to mitigate the effects of an incident
described in Subsection (5)(a).
(c)
The commission shall consult and cooperate with the agency regarding
appropriate steps for remediation and any applicable reporting
requirements.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.