Scope of Study
PRIVACY AND STATE AGENCIES
State agencies gather and maintain a lot of information about private citizens, businesses, and their own employees in order to carry out their functions. A variety of specific state and federal statutes cover the public disclosure treatment of some of this information. Absent specific law, the state freedom of information law (FOIA) establishes a broad foundation to promote disclosure of agency records, with certain specific exemptions.
State executive branch agencies are also subject to the requirements of the state Personal Data Act (PDA), which primarily sets out a structure for state agency record maintenance and retention. Until 1979, PDA prohibited disclosure of personal data maintained by a state agency without the consent of the data subject. That provision was removed to reconcile PDA with the open records policy of FOIA. Among other items, PDA still requires agencies to "maintain only that information about a person which is relevant and necessary to accomplish the lawful purposes of the agency."
There are many current issues about how state agency records are maintained. Included among these is the impact of data automation leading to a significant increase in accessibility of that information, and what protections will be built to prevent inadvertent release of confidential information.
Area of Focus
The study would focus on how well state executive branch agencies implement current laws related to information they maintain, and evaluate whether any changes are needed either in implementation or law. While remaining broad, the study will review more closely agencies identified as having significant data privacy issues.
Areas of Analysis
1. Types of information state agencies gather and/or maintain
2. Statutes and regulations under which state agencies operate with respect to information gathering and maintenance, and actual agency practice
3. Management and administrative structures in place to ensure compliance with existing state/federal law, including the Department of Information Technology
4. Areas in which state law may be lacking
5. State government information handling policy models and application to Connecticut
Areas Not Included in Analysis
The specific area of medical records maintained by state government will not be analyzed in depth due to the significant current activity involving disclosure rules mandated by the federal Health Insurance Portability and Accountability Act of 1996, intended to apply to state government.