Privacy and State Agencies 2001
In March 2001, the program review committee voted to study the issue of privacy and state agencies. State government collects enormous amounts of personal information about individuals, which is handled in a number of different ways. The study focused on information privacy-- what policy and implementation structure existed to balance individual privacy concerns with the interest of open government, and how effective was that structure. The committee study identified a collection of state statutes, regulations, and court decisions that make up Connecticut's current information privacy policy. The committee found Connecticut has most of the statutory pieces in place that those in the field of information privacy believe are important. However, the committee believed there were deficiencies that diminish the importance of the privacy value in the balance with open government. These included: 1) lack of actual affirmative agency notice to individuals who supply personal data about how their data will be used; 2) a substantive conflict between the FOIA and the PDA; and 3) lack of guidelines for agencies and the public on the application of the invasion of personal privacy exemption.
To address these deficiencies, the committee made several recommendations, all but one requiring legislation. The committee raised a bill during the 2002 legislative session, which did not pass.
Summary of Compliance with Committee Recommendations | ||
Recommendation |
Status |
Comment |
Amend the Personal Data Act to require each agency to develop and provide to every person providing personal information to the agency a written statement about how the agency would handle the information and the individual's rights. |
None |
Recommendation contained in SB 356 (Section 2). Not passed |
Amend the Personal Data Act to resolve the conflict between the Act and the Freedom of Information Act related to public access to personal information and agency recordkeeping requirements |
None |
Recommendation contained in SB 356 (Section 1). Not passed |
The Freedom of Information Commission shall compile a summary of FOIC and court decisions on the invasion of privacy exemption for agencies and the public, and keep the summary updated. |
None |
Agency noted in its January 2003 compliance response that it was faced with numerous resource issues that prevented it from undertaking what it believes is an enormous task |
Establish an independent Office of Information Privacy Advocate (OIPA) to proactively review and evaluate agency activities related to information privacy, develop and promote educational materials for Connecticut citizens, and form and coordinate a working group of privacy compliance officers to develop guidelines for publication of agency records on the Internet |
None |
Recommendation contained in SB 356 (Section 3). Not passed |
Each agency shall appoint a privacy compliance officer, who shall report directly to the commissioner and be responsible for the agency's compliance with the Personal Data Act and other information privacy requirements. Each agency shall report to the OIPA on specific items to demonstrate agency compliance with state information privacy laws |
None |
Recommendation contained in SB 356 (Section 2). Not passed |