Judy Mortrude DEED Program Administrator Workforce Innovation and Opportunities Act.
DEED WorkForce Center Reception and Resource Area Certification Program
description
Transcript of DEED WorkForce Center Reception and Resource Area Certification Program
DEEDWorkForce CenterReception and Resource Area Certification Program
Module 2Unit 1b: WorkForce Center System IILearning Objectives III
Learning Objectives 3Data Privacy Awareness
Awareness The Data Practices Act Customer Rights Tennessen Warning Notice Informed Consent Data Protection and Security Resources
This information is based on from the Information Policy Analysis Division of the Minnesota
Department of Administration in 2007.
AWARENESS
Awareness
Anyone working in a WFC is responsible for properly handling customer data.
Customers have rights to privacy and security. Tennessen Notice Warning Sharing customer information with others is restricted.
THE DATA PRACTICES ACT
The Data Practices Act
Minnesota Statutes, Chapter 13 and Minnesota Rules, Chapter 1205
Presumes government data are public Classifies data that are not public Provides rights for the public and data subjects Requires that data on individuals are accurate, complete,
current, and secure Defines government data
CUSTOMER RIGHTS
Customer’s Rights
Data subjects: Limits on the government’s collection and storage of
data on individuals Right to certain information prior to the collection of
private or confidential data Right to consent to the new use of data Right to challenge the accuracy and/or completeness of
data Expectation in the security of data
The Three Laws of Data Practices
The Official Records Act Minnesota Statutes, section 15.17
The Records Management Statute Minnesota Statutes, section 138.17
The Minnesota Government Data Practices Act Minnesota Statutes, Chapter 13 & Minnesota Rules,
Chapter 1205
THE TENNESSEN WARNING NOTICE
Tennessen Warning NoticeTennessen Warning Notice, Minnesota 13.04, subdivision 2
covers: Private data collected from an individual on an
individual Describes individual’s rights before data can be
collected, stored, used, or disseminated Describes purpose and intended use of data Whether the individual may refuse or is legally required
to provide the data Known consequences from supplying or refusing to
supply the data Identity of other persons or entities with statutorily
authorized access to the data
INFORMED CONSENT
Informed consent
Permission for a new use or release of government data
Informed consent is necessary for: Entity to use data in a new or different way A new release of data Collection of data about an individual from another
person or entity Informed consent must be in writing and cannot be
coerced
DATA PROTECTION AND SECURITY
Data protection & security
Appropriate security safeguards and appropriate destruction of not public data Minnesota Statutes, section 13.05, subdivision 5
Disclosure of breach in security of data Minnesota Statutes, section 13.055
Protecting not public data
DEEDWorkForce CenterReception and Resource Area Certification Program
Module 2Unit 1b: WorkForce Center System IILearning Objectives III
Learning Objectives 3Data Privacy Awareness
Awareness The Data Practices Act Customer Rights Tennessen Warning Notice Informed Consent Data Protection and Security Resources
This information is based on from the Information Policy Analysis Division of the Minnesota
Department of Administration in 2007.
AWARENESS
Awareness
Anyone working in a WFC is responsible for properly handling customer data.
Customers have rights to privacy and security. Tennessen Notice Warning Sharing customer information with others is restricted.
THE DATA PRACTICES ACT
The Data Practices Act
Minnesota Statutes, Chapter 13 and Minnesota Rules, Chapter 1205
Presumes government data are public Classifies data that are not public Provides rights for the public and data subjects Requires that data on individuals are accurate, complete,
current, and secure Defines government data
CUSTOMER RIGHTS
Customer’s Rights
Data subjects: Limits on the government’s collection and storage of
data on individuals Right to certain information prior to the collection of
private or confidential data Right to consent to the new use of data Right to challenge the accuracy and/or completeness of
data Expectation in the security of data
The Three Laws of Data Practices
The Official Records Act Minnesota Statutes, section 15.17
The Records Management Statute Minnesota Statutes, section 138.17
The Minnesota Government Data Practices Act Minnesota Statutes, Chapter 13 & Minnesota Rules,
Chapter 1205
THE TENNESSEN WARNING NOTICE
Tennessen Warning NoticeTennessen Warning Notice, Minnesota 13.04, subdivision 2
covers: Private data collected from an individual on an
individual Describes individual’s rights before data can be
collected, stored, used, or disseminated Describes purpose and intended use of data Whether the individual may refuse or is legally required
to provide the data Known consequences from supplying or refusing to
supply the data Identity of other persons or entities with statutorily
authorized access to the data
Discussion Point
1. Do understand the purpose of the Tennessen Warning Notice?
INFORMED CONSENT
Informed consent
Permission for a new use or release of government data
Informed consent is necessary for: Entity to use data in a new or different way A new release of data Collection of data about an individual from another
person or entity Informed consent must be in writing and cannot be
coerced
DATA PROTECTION AND SECURITY
Data protection & security
Appropriate security safeguards and appropriate destruction of not public data Minnesota Statutes, section 13.05, subdivision 5
Disclosure of breach in security of data Minnesota Statutes, section 13.055
Protecting not public data
Tips to Protect Not Public Data• Lock the screen of your computer when leaving your desk• Turn copies of not public data documents over or outside of view. • Use locked file cabinets for not public data• Do not leave not public data on a copier, printer, or fax machine.• Do not discuss not public data with co-workers whose work does not
require knowing about the data• Create strong passwords for your computer, do not share it others,
and change it periodically. • Remove private data that you do not need to do your job from your
laptop or briefcase.• If you must use not public electronic data away from the office, consult
with your technology person to discuss encryption options• Do not access not public data using a web browser on a public
computer• Hide your laptop from plain view in your car; best to take it with you.
Put it in the trunk before you reach your destiny.
Specific provisions of Chapter 13
General not public data Social Security numbers
Private (Minnesota Statutes, section 13.355) Security information
Private/nonpublic (Minnesota Statutes, section 13.37)
Trade secret data Private/nonpublic (Minnesota Statutes, section
13.37)
Civil remedies & penalties
Minnesota Statutes, sections 13.08 & 13.09 Civil suits against government entity or responsible
authority allowed Penalties for willful violation
Misdemeanor Suspension or dismissal
Data Practices Checklist1. Does our government entity know what data we collect and keep?
2. Does our government entity understand how the data are classified?
3. Does our government entity have a “data practices compliance official” (DPCO) who can help citizens and our entity with data practices requests?
4. Does our government entity have a policy and/or procedure that discusses which employee or employees within our entity are responsible for handling data practices issues?
5. Does our government entity have the public document required by Minnesota Statutes, section 13.05, subdivision 1, that identifies our responsible authority and describes the private and confidential data on individuals we maintain?
Discussion Point
1. Do you have a Data Practice policy and procedure at your WFC?
RESOURCES
Resources
Responsible Authority:
Dan McElroy, Commissioner Data Practices Compliance Official:
Deb Serum [email protected] or 651-259-7193 Policy and Procedures Manual:
intraweb.deed.state.mn.us/ref/ppm/ppm601.htm Find out who your Data Practice person is at your
site.
Information & questionsInformation Policy Analysis Division (IPAD) Commissioner of Administration’s advisory opinions IPAD website and information materials IPAD email listserv and Newsletter Informal advice from IPAD Information Policy Analysis Division
www.ipad.state.mn.us 1.800.657.3721 or 651.296.6733 [email protected] 201 Administration Building
50 Sherburne Ave.St. Paul, MN 55155
Resource Area (RA) KEY POINTS1. WFCs are responsible for appropriate security
safeguards of public data and appropriate destruction of not public data.
2. One of the elements of the Data Practices Act provides for rights for the public and data subjects.
3. The Tennessen Notice Warning describes how and why data collected is intended to be use, collected and stored, sharing of information, rights and consequences of or not releasing information.
4. Any person who willfully – knowingly – violates Minnesota Statues Chapter 13 is guilty of a penalty.
This completes Learning Objective 3
of Module 2, Unit 1b and training for this unit.
Learning Objective 1: Equal Opportunity
Learning Objective 2: Complaint Process
Leaning Objective 3: Data Privacy Awareness