DEED WorkForce Center Reception and Resource Area Certification Program Module 2 Unit 1b: WorkForce Center System II Learning Objectives III
Learning Objectives 3 Data Privacy Awareness Awareness The Data Practices Act Customer Rights Tennessen Warning Notice Informed Consent Data Protection and Security Resources This information is based on from the Information Policy Analysis Division of the Minnesota Department of Administration in 2007.
AWARENESS
Awareness Anyone working in a WFC is responsible for properly handling customer data. Customers have rights to privacy and security. Tennessen Notice Warning Sharing customer information with others is restricted.
THE DATA PRACTICES ACT
The Data Practices Act Minnesota Statutes, Chapter 13 and Minnesota Rules, Chapter 1205 Presumes government data are public Classifies data that are not public Provides rights for the public and data subjects Requires that data on individuals are accurate, complete, current, and secure Defines government data
CUSTOMER RIGHTS
Customer’s Rights Data subjects: Limits on the government’s collection and storage of data on individuals Right to certain information prior to the collection of private or confidential data Right to consent to the new use of data Right to challenge the accuracy and/or completeness of data Expectation in the security of data
The Three Laws of Data Practices The Official Records Act Minnesota Statutes, section The Records Management Statute Minnesota Statutes, section The Minnesota Government Data Practices Act Minnesota Statutes, Chapter 13 & Minnesota Rules, Chapter 1205
THE TENNESSEN WARNING NOTICE
Tennessen Warning Notice Tennessen Warning Notice, Minnesota 13.04, subdivision 2 covers: Private data collected from an individual on an individual Describes individual’s rights before data can be collected, stored, used, or disseminated Describes purpose and intended use of data Whether the individual may refuse or is legally required to provide the data Known consequences from supplying or refusing to supply the data Identity of other persons or entities with statutorily authorized access to the data
INFORMED CONSENT
Informed consent Permission for a new use or release of government data Informed consent is necessary for: Entity to use data in a new or different way A new release of data Collection of data about an individual from another person or entity Informed consent must be in writing and cannot be coerced
DATA PROTECTION AND SECURITY
Data protection & security Appropriate security safeguards and appropriate destruction of not public data Minnesota Statutes, section 13.05, subdivision 5 Disclosure of breach in security of data Minnesota Statutes, section Protecting not public data
DEED WorkForce Center Reception and Resource Area Certification Program Module 2 Unit 1b: WorkForce Center System II Learning Objectives III
Learning Objectives 3 Data Privacy Awareness Awareness The Data Practices Act Customer Rights Tennessen Warning Notice Informed Consent Data Protection and Security Resources This information is based on from the Information Policy Analysis Division of the Minnesota Department of Administration in 2007.
AWARENESS
Awareness Anyone working in a WFC is responsible for properly handling customer data. Customers have rights to privacy and security. Tennessen Notice Warning Sharing customer information with others is restricted.
THE DATA PRACTICES ACT
The Data Practices Act Minnesota Statutes, Chapter 13 and Minnesota Rules, Chapter 1205 Presumes government data are public Classifies data that are not public Provides rights for the public and data subjects Requires that data on individuals are accurate, complete, current, and secure Defines government data
CUSTOMER RIGHTS
Customer’s Rights Data subjects: Limits on the government’s collection and storage of data on individuals Right to certain information prior to the collection of private or confidential data Right to consent to the new use of data Right to challenge the accuracy and/or completeness of data Expectation in the security of data
The Three Laws of Data Practices The Official Records Act Minnesota Statutes, section The Records Management Statute Minnesota Statutes, section The Minnesota Government Data Practices Act Minnesota Statutes, Chapter 13 & Minnesota Rules, Chapter 1205
THE TENNESSEN WARNING NOTICE
Tennessen Warning Notice Tennessen Warning Notice, Minnesota 13.04, subdivision 2 covers: Private data collected from an individual on an individual Describes individual’s rights before data can be collected, stored, used, or disseminated Describes purpose and intended use of data Whether the individual may refuse or is legally required to provide the data Known consequences from supplying or refusing to supply the data Identity of other persons or entities with statutorily authorized access to the data
Discussion Point 1.Do understand the purpose of the Tennessen Warning Notice?
INFORMED CONSENT
Informed consent Permission for a new use or release of government data Informed consent is necessary for: Entity to use data in a new or different way A new release of data Collection of data about an individual from another person or entity Informed consent must be in writing and cannot be coerced
DATA PROTECTION AND SECURITY
Data protection & security Appropriate security safeguards and appropriate destruction of not public data Minnesota Statutes, section 13.05, subdivision 5 Disclosure of breach in security of data Minnesota Statutes, section Protecting not public data
Tips to Protect Not Public Data Lock the screen of your computer when leaving your desk Turn copies of not public data documents over or outside of view. Use locked file cabinets for not public data Do not leave not public data on a copier, printer, or fax machine. Do not discuss not public data with co-workers whose work does not require knowing about the data Create strong passwords for your computer, do not share it others, and change it periodically. Remove private data that you do not need to do your job from your laptop or briefcase. If you must use not public electronic data away from the office, consult with your technology person to discuss encryption options Do not access not public data using a web browser on a public computer Hide your laptop from plain view in your car; best to take it with you. Put it in the trunk before you reach your destiny.
Specific provisions of Chapter 13 General not public data Social Security numbers Private (Minnesota Statutes, section ) Security information Private/nonpublic (Minnesota Statutes, section 13.37) Trade secret data Private/nonpublic (Minnesota Statutes, section 13.37)
Civil remedies & penalties Minnesota Statutes, sections & Civil suits against government entity or responsible authority allowed Penalties for willful violation Misdemeanor Suspension or dismissal
Data Practices Checklist 1. Does our government entity know what data we collect and keep? 2. Does our government entity understand how the data are classified? 3. Does our government entity have a “data practices compliance official” (DPCO) who can help citizens and our entity with data practices requests? 4. Does our government entity have a policy and/or procedure that discusses which employee or employees within our entity are responsible for handling data practices issues? 5. Does our government entity have the public document required by Minnesota Statutes, section 13.05, subdivision 1, that identifies our responsible authority and describes the private and confidential data on individuals we maintain?
Discussion Point 1.Do you have a Data Practice policy and procedure at your WFC?
RESOURCES
Resources Responsible Authority: Dan McElroy, Commissioner Data Practices Compliance Official: Deb Serum or Policy and Procedures Manual: intraweb.deed.state.mn.us/ref/ppm/ppm601.htm Find out who your Data Practice person is at your site.
Information & questions Information Policy Analysis Division (IPAD) Commissioner of Administration’s advisory opinions IPAD website and information materials IPAD listserv and Newsletter Informal advice from IPAD Information Policy Analysis Division or 201 Administration Building 50 Sherburne Ave. St. Paul, MN 55155
Resource Area (RA) KEY POINTS 1. WFCs are responsible for appropriate security safeguards of public data and appropriate destruction of not public data. 2. One of the elements of the Data Practices Act provides for rights for the public and data subjects. 3. The Tennessen Notice Warning describes how and why data collected is intended to be use, collected and stored, sharing of information, rights and consequences of or not releasing information. 4. Any person who willfully – knowingly – violates Minnesota Statues Chapter 13 is guilty of a penalty.
This completes Learning Objective 3 of Module 2, Unit 1b and training for this unit. Learning Objective 1: Equal Opportunity Learning Objective 2: Complaint Process Leaning Objective 3: Data Privacy Awareness