RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: PII and OUO Records Protection on Electronic Records Systems
From:
"Jones, Virginia" <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Fri, 3 Jan 2014 09:34:52 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (118 lines) 
Deb:

In addition to assigning rights based on job function, we require ALL employees to attend a briefing on the state privacy law and our PPI policies and to sign a "User's Agreement" that states they understand the requirements of the law and our policies.  I conduct the briefings and we update as new employees come on board.  All employees are trained because trying to keep up with training for promotions or temporary assignments (for instance acting crew chief, who has access to personnel files for the crew) would be a fulltime task.  We also require  contractors and third parties who have access to our records (for instance, the web bill pay provider) to attend a web version of the briefing and to sign the Agreement.  The wording of the Internal User Agreement is below.



Ginny Jones

(Virginia A. Jones, CRM, FAI)

Records Manager

Information Technology Division

Newport News Dept. of Public Utilities

Newport News, VA

[log in to unmask]<mailto:[log in to unmask]>


Internal User Acceptable Use Policy and Agreement

for access to Waterworks Information Systems containing information subject to the Government Data Collection and Dissemination Practices Act  (FORM PPA01)



1.         General

                        1.1. Use of Waterworks Information Systems containing personal information is subject to the laws, regulations, and ordinances of the United States of America, the Commonwealth of Virginia, and the City of Newport News.

                        1.2. Access to Waterworks Information Systems containing personal information, and access to personal information that is contained in these systems, imposes certain responsibilities, limitations, and obligations upon the recipient of that access. Acceptable use of this access is always ethical, honest and within the requirements of the Commonwealth of Virginia Government Data Collection and Dissemination Practices Act.

                        1.3. As defined by the Act (Code of Virginia §2.2-3801),

1.3.1.   "information system" means the total components and operations of a record-keeping process, including information collected or managed by means of computer networks and the Internet, whether automated or manual, containing personal information and the name, personal number, or other identifying particulars of a data subject.

1.3.2.   "personal information" means all information that (i) describes, locates or indexes anything about an individual including, but not limited to, his social security number, driver's license number, agency-issued identification number, student identification number, real or personal property holdings derived from tax returns, and his education, financial transactions, medical history, ancestry, religion, political ideology, criminal or employment record, or (ii) affords a basis for inferring personal characteristics, such as finger and voice prints, photographs, or things done by or to such individual; and the record of his presence, registration, or membership in an organization or activity, or admission to an institution. "Personal information" shall not include routine information maintained for the purpose of internal office administration whose use could not be such as to affect adversely any data subject nor does the term include real estate assessment information.

1.3.3.   "data subject" means an individual about whom personal information is indexed or may be located under name, personal number, or other identifiable particulars in an information system.

2                    Requirements - recipients of access to Waterworks Information Systems containing customer and employee personal information shall:

2.1. Use the information for City business only.

2.2. Store and maintain electronic information only on authorized computers or media.

2.3 Store and maintain paper media containing personal information only in authorized secure filing containers or records storage areas.

2.4. Access only information to which the user has been given specific access.

2.5. Protect their access from unauthorized use.



Internal Acceptable Use Policy and Agreement                       1 of 2                                     Form  PPA01 Rev May, 2012

2.6. Use the information only for the purpose stated.        Information collected for one purpose shall not be used for another purpose.

2.7. Protect the confidentiality of the information at all times.

2.8. Understand that some of the information they access is exempt from disclosure under the Virginia Freedom of Information Act and will need Waterworks Director approval to further distribute or disclose the information.

2.9. Dispose of any printed copies of the information in the appropriate manner.

2.10. Notify Waterworks Information Technologies Division when the user no longer requires access for their job function or upon the user's termination from employment with Waterworks.

2.11 Comply with all Waterworks policies and procedures regarding access to and us of personal information.

3                    Penalties - Recipients of access to data on Waterworks Information Systems and/or access to customer and employee personal information that is contained in these systems shall understand that misuse of data on Waterworks Information Systems containing customer and employee personal information is a serious violation of the City of Newport News Standards of Conduct, addressable through the disciplinary process.



4.                  Nothing in this policy shall limit the City in prosecution of individuals or the attempt to recover damages including, but not limited to, specific remedies contained in:

·         The Virginia Government Data Collection and Dissemination Practices Act

·         The Virginia Computer Crimes Act

·         The Virginia Freedom of Information Act

·         The United States Fair Debt Collections Practices Act



I fully understand the Acceptable Use Policy and Agreement for access to Waterworks Information Systems containing information subject to the Government Data Collection and Dissemination Practices Act and agree to abide by its terms and conditions.



User Name



User Signature



Department/Division



Date



Internal Acceptable Use Policy and Agreement                       2 of 2                                       Form  PPA01 rev May, 2012







List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2