mod2unit1bseg3ppt.ppt

Download Report

Transcript mod2unit1bseg3ppt.ppt

DEED WorkForce Center

Reception and Resource Area Certification Program

Module 2 Unit 1b: WorkForce Center System II Learning Objectives III

Learning Objectives 3 Data Privacy Awareness        Awareness The Data Practices Act Customer Rights Tennessen Warning Notice Informed Consent Data Protection and Security Resources This information is based on from the Information Policy Analysis Division of the Minnesota Department of Administration in 2007.

AWARENESS

Awareness Anyone working in a WFC is responsible for properly handling customer data.

 Customers have rights to privacy and security.

  Tennessen Notice Warning Sharing customer information with others is restricted.

THE DATA PRACTICES ACT

The Data Practices Act Minnesota Statutes, Chapter 13 and Minnesota Rules, Chapter 1205  Presumes government data are public     Classifies data that are not public Provides rights for the public and data subjects Requires that data on individuals are accurate, complete, current, and secure Defines government data

CUSTOMER RIGHTS

Customer’s Rights Data subjects:  Limits on the government’s collection and storage of data on individuals   Right to certain information prior to the collection of private or confidential data Right to consent to the new use of data   Right to challenge the accuracy and/or completeness of data Expectation in the security of data

The Three Laws of Data Practices   The Official Records Act  Minnesota Statutes, section 15.17

The Records Management Statute  Minnesota Statutes, section 138.17  The Minnesota Government Data Practices Act  Minnesota Statutes, Chapter 13 & Minnesota Rules, Chapter 1205

THE TENNESSEN WARNING NOTICE

Tennessen Warning Notice Tennessen Warning Notice, Minnesota 13.04, subdivision 2 covers:   Private data collected from an individual on an individual Describes individual’s rights before data can be   collected, stored, used, or disseminated Describes purpose and intended use of data Whether the individual may refuse or is legally required to provide the data   Known consequences from supplying or refusing to supply the data Identity of other persons or entities with statutorily authorized access to the data

INFORMED CONSENT

Informed consent    Permission for a new use or release of government data Informed consent is necessary for:  Entity to use data in a new or different way  A new release of data  Collection of data about an individual from another person or entity Informed consent must be in writing and cannot be coerced

DATA PROTECTION AND SECURITY

Data protection & security    Appropriate security safeguards and appropriate destruction of not public data  Minnesota Statutes, section 13.05, subdivision 5 Disclosure of breach in security of data  Minnesota Statutes, section 13.055

Protecting not public data

DEED WorkForce Center

Reception and Resource Area Certification Program

Module 2 Unit 1b: WorkForce Center System II Learning Objectives III

Learning Objectives 3 Data Privacy Awareness        Awareness The Data Practices Act Customer Rights Tennessen Warning Notice Informed Consent Data Protection and Security Resources This information is based on from the Information Policy Analysis Division of the Minnesota Department of Administration in 2007.

AWARENESS

Awareness Anyone working in a WFC is responsible for properly handling customer data.

 Customers have rights to privacy and security.

  Tennessen Notice Warning Sharing customer information with others is restricted.

THE DATA PRACTICES ACT

The Data Practices Act Minnesota Statutes, Chapter 13 and Minnesota Rules, Chapter 1205  Presumes government data are public     Classifies data that are not public Provides rights for the public and data subjects Requires that data on individuals are accurate, complete, current, and secure Defines government data

CUSTOMER RIGHTS

Customer’s Rights Data subjects:  Limits on the government’s collection and storage of data on individuals   Right to certain information prior to the collection of private or confidential data Right to consent to the new use of data   Right to challenge the accuracy and/or completeness of data Expectation in the security of data

The Three Laws of Data Practices   The Official Records Act  Minnesota Statutes, section 15.17

The Records Management Statute  Minnesota Statutes, section 138.17  The Minnesota Government Data Practices Act  Minnesota Statutes, Chapter 13 & Minnesota Rules, Chapter 1205

THE TENNESSEN WARNING NOTICE

Tennessen Warning Notice Tennessen Warning Notice, Minnesota 13.04, subdivision 2 covers:   Private data collected from an individual on an individual Describes individual’s rights before data can be   collected, stored, used, or disseminated Describes purpose and intended use of data Whether the individual may refuse or is legally required to provide the data   Known consequences from supplying or refusing to supply the data Identity of other persons or entities with statutorily authorized access to the data

Discussion Point

1. Do understand the purpose of the Tennessen Warning Notice?

INFORMED CONSENT

Informed consent    Permission for a new use or release of government data Informed consent is necessary for:  Entity to use data in a new or different way  A new release of data  Collection of data about an individual from another person or entity Informed consent must be in writing and cannot be coerced

DATA PROTECTION AND SECURITY

Data protection & security    Appropriate security safeguards and appropriate destruction of not public data  Minnesota Statutes, section 13.05, subdivision 5 Disclosure of breach in security of data  Minnesota Statutes, section 13.055

Protecting not public data

Tips to Protect Not Public Data • • • • • • • • • • Lock the screen of your computer when leaving your desk Turn copies of not public data documents over or outside of view. Use locked file cabinets for not public data Do not leave not public data on a copier, printer, or fax machine.

Do not discuss not public data with co-workers whose work does not require knowing about the data Create strong passwords for your computer, do not share it others, and change it periodically. Remove private data that you do not need to do your job from your laptop or briefcase.

If you must use not public electronic data away from the office, consult with your technology person to discuss encryption options Do not access not public data using a web browser on a public computer Hide your laptop from plain view in your car; best to take it with you. Put it in the trunk before you reach your destiny.

Specific provisions of Chapter 13 General not public data  Social Security numbers   Private (Minnesota Statutes, section 13.355) Security information   Private/nonpublic (Minnesota Statutes, section 13.37) Trade secret data  Private/nonpublic (Minnesota Statutes, section 13.37)

Civil remedies & penalties Minnesota Statutes, sections 13.08 & 13.09

 Civil suits against government entity or responsible authority allowed  Penalties for willful violation  Misdemeanor  Suspension or dismissal

Data Practices Checklist 1.

Does our government entity know what data we collect and keep?

2.

Does our government entity understand how the data are classified?

3.

Does our government entity have a “data practices compliance official” (DPCO) who can help citizens and our entity with data practices requests?

4.

Does our government entity have a policy and/or procedure that discusses which employee or employees within our entity are responsible for handling data practices issues?

5.

Does our government entity have the public document required by Minnesota Statutes, section 13.05, subdivision 1, that identifies our responsible authority and describes the private and confidential data on individuals we maintain?

Discussion Point

1. Do you have a Data Practice policy and procedure at your WFC?

RESOURCES

Resources     Responsible Authority: Dan McElroy, Commissioner Data Practices Compliance Official: Deb Serum [email protected]

or 651-259-7193 Policy and Procedures Manual: intraweb.deed.state.mn.us/ref/ppm/ppm601.htm

Find out who your Data Practice person is at your site.

Information & questions Information Policy Analysis Division (IPAD)  Commissioner of Administration’s advisory opinions   IPAD website and information materials IPAD email listserv and Newsletter   Informal advice from IPAD Information Policy Analysis Division 

www.ipad.state.mn.us

 1.800.657.3721 or 651.296.6733

[email protected]

 201 Administration Building 50 Sherburne Ave.

St. Paul, MN 55155

Resource Area (RA)

KEY POINTS

1.

2.

3.

4.

WFCs are responsible for appropriate security safeguards of public data and appropriate destruction of not public data.

One of the elements of the Data Practices Act provides for rights for the public and data subjects.

The Tennessen Notice Warning describes how and why data collected is intended to be use, collected and stored, sharing of information, rights and consequences of or not releasing information.

Any person who willfully – knowingly – violates Minnesota Statues Chapter 13 is guilty of a penalty.

This completes Learning Objective 3 of Module 2, Unit 1b and training for this unit.

Learning Objective 1: Equal Opportunity Learning Objective 2: Complaint Process

Leaning Objective 3: Data Privacy Awareness