Connecticut General Statutes 4-193 – Agency’s duties re personal data
Each agency shall:
Terms Used In Connecticut General Statutes 4-193
- Agency: means each state or municipal board, commission, department or officer, other than the legislature, courts, Governor, Lieutenant Governor, Attorney General or town or regional boards of education, which maintains a personal data system. See Connecticut General Statutes 4-190
- Freedom of Information Act: A federal law that mandates that all the records created and kept by federal agencies in the executive branch of government must be open for public inspection and copying. The only exceptions are those records that fall into one of nine exempted categories listed in the statute. Source: OCC
- Maintain: means collect, maintain, use or disseminate. See Connecticut General Statutes 4-190
- Person: means an individual of any age concerning whom personal data is maintained in a personal data system, or a person's attorney or authorized representative. See Connecticut General Statutes 4-190
- Personal data: means any information about a person's education, finances, medical or emotional condition or history, employment or business history, family or personal relationships, reputation or character which because of name, identifying number, mark or description can be readily associated with a particular person. See Connecticut General Statutes 4-190
- Personal data system: means a collection of records containing personal data. See Connecticut General Statutes 4-190
- Record: means any collection of personal data which is collected, maintained or disseminated. See Connecticut General Statutes 4-190
- Statute: A law passed by a legislature.
(a) Inform each of its employees who operates or maintains a personal data system or who has access to personal data, of the provisions of (1) this chapter, (2) the agency’s regulations adopted pursuant to section 4-196, (3) the Freedom of Information Act, as defined in section 1-200, and (4) any other state or federal statute or regulation concerning maintenance or disclosure of personal data kept by the agency;
(b) Take reasonable precautions to protect personal data from the dangers of fire, theft, flood, natural disaster or other physical threats;
(c) Keep a complete record, concerning each person, of every individual, agency or organization who has obtained access to or to whom disclosure has been made of personal data and the reason for each such disclosure or access; and maintain such record for not less than five years from the date of obtaining such access or disclosure or maintain such record for the life of the record, whichever is longer;
(d) Make available to a person, upon written request, the record kept under subsection (c) of this section;
(e) Maintain only that information about a person which is relevant and necessary to accomplish the lawful purposes of the agency;
(f) Inform an individual in writing, upon written request, whether the agency maintains personal data concerning him;
(g) Except as otherwise provided in section 4-194, disclose to a person, upon written request, on a form understandable to such person, all personal data concerning him which is maintained by the agency. If disclosure of personal data is made under this subsection, the agency shall not disclose any personal data concerning persons other than the requesting person;
(h) Establish procedures which:
(1) Allow a person to contest the accuracy, completeness or relevancy of his personal data;
(2) Allow personal data to be corrected upon request of a person when the agency concurs in the proposed correction;
(3) Allow a person who believes that the agency maintains inaccurate or incomplete personal data concerning him to add a statement to the record setting forth what he believes to be an accurate or complete version of that personal data. Such a statement shall become a permanent part of the agency’s personal data system, and shall be disclosed to any individual, agency or organization to which the disputed personal data is disclosed.