Sec.1-92-40e. Maintenance of personal data  

(a) The Office of State Ethics shall strive to collect and maintain all personal data with accuracy and completeness. Any personal data not relevant and necessary to accomplish the lawful purpose of the Office of State Ethics shall be disposed of in accordance with the Office of State Ethics' record retention schedule, or upon permission from the public records administrator to dispose of said records under section 11-8a of the Connecticut General Statutes.

(b) The Office of State Ethics shall, when practical and consistent with its needs and purpose, collect personal data directly from the person to whom a record pertains.

(c) All employees who function as custodians for the Office of State Ethics' personal data system, or are involved in the operation thereof, shall be given a copy of the provisions of the Personal Data Act; these regulations; and a copy of the Freedom of Information Act.

(d) All such Office of State Ethics employees shall take reasonable precautions to protect personal data under their control or custody from the danger of fire, theft, flood, natural disaster and other physical threats.

(e) The Office of State Ethics shall incorporate by reference the provisions of the Personal Data Act and these regulations in all contracts, agreements or licenses for the operation of a personal data system or for research, evaluation and reporting of personal data for the Office of State Ethics or on its behalf.

(f) When the Office of State Ethics requests personal data from any other state agency, it shall have an independent obligation to ensure that the personal data is properly maintained, unless otherwise provided by law.

(g) Access to the Office of State Ethics' personal data system is available to Office of State Ethics employees who require such information in the performance of their official and lawful duties and to such other persons who are entitled to access under law. The Office of State Ethics shall keep an up-to-date roster of Office of State Ethics employees entitled to access to the Office of State Ethics' personal data system.

(h) The Office of State Ethics will insure against unnecessary duplication of personal data records. In the event it is necessary to send personal data records through interdepartmental mail, such records will be sent in envelopes or boxes sealed and marked "confidential," where such records are required by law to be kept confidential.

(i) The Office of State Ethics shall insure that all records in its manual personal data system are kept under lock and key, and, to the greatest extent practical, are kept in controlled access areas.

(j) The Office of State Ethics shall, to the greatest extent practical, locate automated equipment and records in a limited access area.

(k) Where required by law, to the greatest extent practical, the Office of State Ethics shall require visitors to such area to sign a visitor's log and permit access to said area on a bona-fide need-to-enter basis only.

(l) The Office of State Ethics, to the greatest extent practical, will insure that regular access to automated equipment is limited to operations personnel and other authorized persons.

(m) The Office of State Ethics shall use appropriate access control mechanisms to prevent disclosure to unauthorized individuals of personal data required to be kept confidential by law.