Regulations of Connecticut State Agencies (Last Updated: June 14, 2023)
Title 4 Management of State Agencies
Subtitle 4-23b-1_4-23b-7. Personal Data
Sec. 4-23b-1. Personal data—definitions
(a) Category of "personal data" means the classification of personal information set forth in the Personal Data Act, Section 4-190 (9) of the Connecticut General Statutes. (b) "Other data" means any information which because of name, identifying number, mark or description can be readily associated with a particular person. (c) "CSEIS" is the acronym for the automated personal data system known as the Connecticut State Employees Information System. (d) "CONCERTS" is the acronym for the computerized system known as the Connecticut Certification System. (e) The definition of terms used in these regulations shall be the same as those definitions of terms contained in Section 4-190, Connecticut General Statutes.
(Effective December 4, 1986)
Sec. 4-23b-2. General nature and purpose of personal data systems
The Department of Administrative Services, in the central office and in the specific Bureaus indicated, maintains the following personal data systems: (a) Personnel Records—Department of Administrative Services (1) All personnel records are maintained at the Department of Administrative Services, Room 504, State Office Building, Hartford, Connecticut. (2) Personnel records are maintained in both automated and manual form. (3) Personnel records are maintained for the purpose of retaining payroll, health, discipline and related personnel information concerning Department of Administrative Services. (4) Personnel records are the responsibility of the Agency Personnel Administrator of the Department of Administrative Services, whose business address is: Department of Administrative Services, Room 504, State Office Building, Hartford, Connecticut. All requests for disclosure or amendment of those records should be directed to the Agency Personnel Administrator. (5) Routine sources for information retained in personnel records include the employee, previous employers of the employee, references provided by applicants, the employee's supervisor, the Comptroller's Office, Department of Administrative Services, Division of Personnel and Labor Relations, and State insurance carriers. (6) Personal data in personnel records are collected, maintained and used under authority of the State Personnel Act, Conn. Gen. Statutes, Section 5-193 et seq. (b) Collection Services Operational Records (1) Operational records are available at 363 Russell Road, Newington, but may, at times, be located at other sites. (2) Operational records are maintained in both automated and manual form. (3) These records are maintained insofar as they are relevant and necessary to accomplish the lawful purpose of the Bureau. (4) Operational records are the responsibility of the Deputy Commissioner of the Bureau of Central Collections whose business address is 363 Russell Road, Newington, CT 06111.
All requests for disclosure or amendment of these records should be addressed to the Deputy Commissioner. (5) Routine sources for information retained in the operational records include: State agencies, their patients/clients, their family members; corporations and/or agencies dispensing benefits; persons, State agencies and/or corporations with knowledge of information necessary for the Bureau to accomplish its mission. (6) Personal data in operational files are collected, maintained and used under the authority of Sections 4-68 et seq, 4-68c, 4-68e, 4-68h, 4-68i, 17-83f, 17-83g, 17-295 et seq, 17-300, 17-303 and 49-73, Conn. General Statutes. (c) Information Systems and Data Processing Security Files (1) Security files are available at 340 Capitol Avenue, Hartford, CT, Bureau of Information Systems and Data Processing. (2) Security files are maintained in manual form. (3) These records are maintained as per agreement with the State Police. Purpose of the data is to provide background data on prospective employees who might have access to State Police data stored at the Bureau. Such security precautions are relevant and consistent with the lawful purposes of the State Police. (4) Security files are the responsibility of the Joint DAS State Policy Committee chairperson whose business address is 340 Capitol Avenue, Hartford. All requests for disclosure or amendment of these records should be directed to the chairperson of said committee. (5) Routine sources of information retained in security files include: Federal, State and local criminal records. (6) Personal data in security files are collected, maintained and used under the authority of Connecticut General Statutes governing each agency maintaining personal data in this Bureau. 
(d) Personnel—Connecticut State Employees Information System (CSEIS) (1) The input and inquiry equipment is located in Room 419, State Office Building, 165 Capitol Ave., Hartford and data storage and processing equipment at 340 Capitol Ave., Hartford, CT. (2) CSEIS is an automated personal data system. (3) CSEIS maintains the employment history of every state employee as well as personal data. The system is dependent upon each agency submitting changes affecting employees in a timely manner. In return the system processes mass up-dates, classification changes and provides numerous administrative reports reducing the amount of manual work at the agency level and reducing the maintenance of personnel records as well as maintaining the historical data. (4) Requests for information concerning these records should be addressed to the Director of Personnel and Labor Relations, Personnel Bureau, Department of Administrative Services, State Office Building, 165 Capitol Ave., Hartford, CT 06106, Attention: Personnel Administration Manager. (5) Statutory authority for the collection of personal data of state employees is contained in Section 5-200 (e) and Section 5-203, Connecticut General Statutes. (e) Personnel—Connecticut Certification System (CONCERTS) (1) CONCERTS is located in Room 415, State Office Building, 165 Capitol Ave., Hartford, CT. (2) CONCERTS is an automated data system. (3) CONCERTS is a system for expediting the merit system examination program through automated application processing, test scheduling and notification, development of an eligibility roster, notification of results and preparation of certification lists. Demographic information supplied by applicants allow comprehensive analyses for meeting Federal requirements concerning Equal Employment Opportunities. 
(4) Requests for information should be addressed to the Director of Personnel and Labor Relations, Personnel Bureau, Department of Administrative Services, State Office Building, 165 Capitol Ave., Hartford, CT 06106, Attention: Personnel Administration Manager. (5) Statutory authority for the activities covered by examinations and results is contained in Section 5-200 (a) and Section 5-216 through and including Section 5-228, Connecticut General Statutes. (f) Personnel—Affirmative Action Complaint Files (1) The Affirmative Action Complaint files are maintained in Rooms 239 and 241, State Office Building, Hartford, CT. (2) The file system is manually maintained. (3) The Affirmative Action Complaint files have two sections. The informal file is maintained to monitor progress of complaint resolution and to provide an information base in the event of formal complaint action. The formal file provides information on ongoing discrimination actions before the Commission on Human Rights and Opportunities or in law suits. (4) Information concerning these records may be obtained by writing to the Director of Personnel and Labor Relations, Personnel Bureau, Department of Administrative Services, State Office Building, 165 Capitol Ave., Hartford, CT 06106, Attention: Director of Employment Relations. (5) Personal data contained in these files are obtained from the complainant, the supervisor of the complainant and from agency records. (6) Authority to gather the information in these files is contained in Sec. 5-200 (a), CGS. (g) Personnel—Workers' Compensation Files (1) Workers' Compensation data is located at 20 Grand St., Hartford, CT. (2) A manual procedure is used to maintain the files. (3) The purpose of the system is to document the circumstances of physical injury to State employees while performing their assigned duties. 
(4) Requests for information concerning these records should be addressed to the Director of Personnel and Labor Relations, Personnel Bureau, Department of Administrative Services, State Office Building, 165 Capitol Ave., Hartford, CT 06106, Attention: Workers' Compensation Administrator. (5) Statutory authority for the submission of reports of injuries is Section 5-145, Connecticut General Statutes. (h) Personnel—Central Examination File (1) The Central Examination file is located in Room 537, State Office Building, Hartford, CT. (2) The file system is manually maintained. (3) The Central Examination file contains the records of the qualifications of persons used as examiners, in order to comply with federal and professional standards on the validity of merit system examinations and to maintain information on the observed quality of performance of those who have served as examiners. (4) Information concerning these records may be obtained by writing to the Director of Personnel and Labor Relations, Personnel Bureau, Department of Administrative Services, State Office Building, 165 Capitol Ave., Hartford, CT 06106, Attention: Chief Personnel Psychologist. (5) Personal data contained in these files are obtained from the examiners themselves. Ratings of examiner performance are made by the personnel analyst responsible for the merit examination for which these persons have served as examiners. (6) Authority for maintaining this information is contained in Section 5-219, CGS. (i) Personnel—Hartford Graduate Center Masters Program (1) Records are located in Room 405, State Office Building, 165 Capitol Ave., Hartford, CT. (2) Records are maintained by a manual system. (3) Information in records used to evaluate and recommend candidates for the Hartford Graduate Center Masters Program. (4) Maintenance of these records has been delegated to the Director of Personnel and Labor Relations, Room 403, State Office Building, 165 Capitol Ave., Hartford, CT 06106. 
All requests for disclosure or amendment of these records should be addressed to the Director of Personnel and Labor Relations, Attention: Director of Management Relations. (5) Personal data is obtained from candidates and their Agency Heads. (j) Personnel—Distinguished Managerial Service Award (1) Records are located in Room 405, State Office Building, 165 Capitol Ave., Hartford, CT. (2) Records are maintained by a manual system. (3) Information in records used to review nominations for Distinguished Managerial Service Awards. (4) Maintenance of these records has been delegated to the Director of Personnel and Labor Relations, Room 403, State Office Building, 165 Capitol Ave., Hartford, CT 06106. All requests for disclosure or amendment of these records should be addressed to the Director of Personnel and Labor Relations, Attention: Director of Management Relations. (5) Personal data is obtained through nominations, agency heads and candidates' resumes. (k) Personnel—Senior Executive Service (1) Records are located in Room 405, State Office Building, 165 Capitol Ave., Hartford, CT. (2) Records are maintained by a manual system. Information in records used to review applications and reference data in evaluating Senior Executive Service candidates. (3) Maintenance of these records has been delegated to the Director of Personnel and Labor Relations, Room 403, State Office Building, 165 Capitol Ave., Hartford, CT 06106. All requests for disclosure or amendment of these records should be addressed to the Director of Personnel and Labor Relations, Attention: Director of Management Relations. (4) Personal data is obtained from candidates and their supervisors. (5) Authority for the collection, maintenance and use of the personal data is Section 5-236, Connecticut General Statutes.
(Effective December 4, 1986)
Sec. 4-23b-3. Categories of personal data
(a) Department of Administrative Services Personnel Records (1) The following categories of personal data may be maintained in personnel records: (a) Educational records. (b) Medical, emotional condition and/or a history. (c) Employment records. (d) Other reference records. (2) Categories of other data: (a) Marital status. (3) Personnel records are maintained on employees of the Department of Administrative Services and applicants for employment with the Department of Administrative Services. (b) Collection Services Operational Records (1) The following categories of personal data may be maintained in operational records: (a) personal information (b) medical, psychiatric, psychological information (c) employment information (d) criminal/court related information (e) other reference records (2) Categories of other data may be maintained in operational records: (a) account receivable information (b) probate information (c) Superior court information (3) Operational records are maintained on the patients/clients of State client agencies, the legally responsible relatives of the patient/client and any person or corporation acting as fiduciary and/or representative payee. Typical users of the data maintained by the Bureau of Collection Services include the Bureau staff, Health and Human Services, Attorney General's office, the Judicial Department, U-Conn Health Center, State Auditors, Office of Policy and Management and the Departments of Children & Youth Services, Human Resources, Income Maintenance, Mental Health and Mental Retardation. 
(c) Information Systems and Data Processing Security Files (1) The following categories of personal data may be maintained in the security files: (a) records of conviction and type of crime (2) Security files kept on people applying for positions having access to State Police Data (d) Personnel—Connecticut State Employees Information System (CSEIS) (1) The following categories of personal data are maintained in these records: (a) personal information (b) work history (c) compensation (2) Categories of other data are: (a) employment status (b) agency and classification assignment (3) Records are maintained on all employees and officers in the State service, whether under the classified service or not. (e) Personnel—Connecticut Certification System (CONCERTS) (1) The following categories of personal data are maintained in these records: (a) personal information on job application (b) voluntary demographic information (2) Categories of other data are: (a) examination results (b) prior employment experience (3) Records are maintained on job applicants and those who successfully pass the merit system examination for the class in which they applied. (f) Personnel—Affirmative Action Complaint Files (1) The category of personal data involves name of the complainant and any other information submitted as identification. (2) Categories of other data include the nature of the complaint as it affects the complainant, history of occurrences leading up to the complaint and supportive data. (3) The categories of persons on whom records may be obtained are the complainant, the defendant and others who may be implicated by the nature of the charge. 
(g) Personnel—Workers' Compensation (1) The following categories of personal data are maintained in these records: (a) personal information (b) family information (2) Categories of other data are: (a) employment information (b) type of injury and circumstances leading to injury (3) A file record is maintained on all injuries reported as well as disposition of claim. (h) Personnel—Central Examination File (1) The category of personal data involves the name and qualifications of each person used as a merit system examiner or as a developer of examination material. (2) Categories of other data include evaluations of performance and general information not included in the above paragraph. (3) Records are maintained on persons used as merit system examiners and developers of examination materials. (i) Personnel—Hartford Graduate Center Masters Program (1) The following categories of personal data are maintained in these records: (a) nomination information (b) biographies of candidates (c) supporting letters of recommendation (2) Categories of other data are: (a) lists of nominees to program (3) Records are maintained on those managerial employees nominated to participate in this program. (j) Personnel—Distinguished Managerial Service Award (1) The following categories of personal data are maintained in these records: (a) nomination information (b) biographies of candidates (c) supporting letters of recommendation (2) Categories of other data are: (a) lists of nominees (b) ranking based on committee evaluation (3) Records are maintained on those managerial employees nominated for this award. (k) Personnel—Senior Executive Service (1) The following categories of personal data are maintained in these records: (a) applications (b) supporting references from supervisors and agency heads (2) Categories of other data are: (a) lists of qualified candidates (3) Records are maintained on candidates and those employees appointed to the Senior Executive Service.
(Effective December 4, 1986)
Sec. 4-23b-4. Maintenance of personal data
(a) Personal data will not be maintained unless relevant and necessary to accomplish the lawful purposes of the Department of Administrative Services. All records will be maintained in accordance with the approved records retention schedule on file. (b) All records will be collected and maintained with a maximum of accuracy and completeness. (c) Insofar as it is consistent with the needs and mission of the Department, each Bureau shall collect personal data from authorized sources or directly from the person to whom a record pertains. (d) All Department of Administrative Services employees involved in the operation of any data system requiring personal data will be informed of the provisions of the Personal Data Act, any regulations adopted pursuant to Section 4-196, CGS, the basic principles of the Freedom of Information Act and any other state or federal statutes or regulations pertaining to the maintenance or disclosure of personal data kept by the particular Bureau to which the employee is assigned. (e) All Department employees shall take reasonable precautions to protect personal data under their custody from the danger of fire, theft, flood, natural disaster and other physical threats. (f) The Department shall incorporate by reference the provisions of the Personal Data Act and regulations promulgated thereunder in all contracts, agreements or licenses for the operation of a personal data system or for research, evaluation and reporting of personal data for the Department or on its behalf. (g) Each Bureau of the Department, when requesting and receiving personal data from other agencies, shall maintain an independent obligation to insure that the personal data is properly maintained. (h) Only employees of each Bureau of the Department who have a specific need to review personal data records for lawful purposes of their Bureau will be entitled to access to such records under the Personal Data Act. 
(i) Each Bureau will keep a written up-to-date list of individuals entitled to access to each of that Bureau's personal data systems. (j) The Department will insure against unnecessary duplication of personal data records. In the event it is necessary to send personal data records through Interdepartmental mail such records will be sent in sealed envelopes or boxes marked "Confidential." (k) Each Bureau of the Department will insure that all records in manual personal data systems are kept under lock and key and, to the greatest extent practical, are kept in controlled access areas. (l) Where automated personal data systems are maintained each Bureau of the Department will: (1) To the greatest extent practical, locate automated equipment and records in a limited access area. (2) To the greatest extent practical, require visitors to such area to sign a visitor's log and to permit access to said area on a bona-fide need-to-enter basis only. (3) To the greatest extent practical, insure that regular access to automated equipment is limited to operations personnel. (4) Utilize appropriate access control mechanisms to prevent disclosure of personal data to unauthorized individuals.
(Effective December 4, 1986)
Sec. 4-23b-5. Disclosure of personal data
(a) Each Bureau of the Department of Administrative Services shall, within four business days of receipt of a written request therefore, mail or deliver a response in plain language informing him/her as to whether or not the Bureau maintains personal data on that individual, the category and location of the personal data maintained on that individual and procedures available to review the records. (b) Except where nondisclosure is required or specifically permitted by law, each Bureau shall disclose to any person upon written request all personal data concerning that individual which is maintained by the Bureau. The procedures for disclosure shall be in accordance with Sections 1-15 through 1-21k, CGS. If the personal data is maintained in coded form the Bureau shall transcribe the data into a commonly understandable form before disclosure. (c) Each Bureau is responsible for verifying the identity of any person requesting access to his/her personal data. (d) Each Bureau is responsible for ensuring that disclosure made pursuant to the Personal Data Act is conducted so as not to disclose any personal data concerning persons other than the person requesting the information. (e) Each Bureau may refuse to disclose to a person medical, psychiatric or psychological data on that person if it is determined that such disclosure would be detrimental to that person. (f) In any case where a Bureau refuses disclosure, it shall advise that person of his/her right to seek judicial relief pursuant to the Personal Data Act. (g) If a Bureau refuses to disclose medical, psychiatric or psychological data to a person based on its determination that disclosure would be detrimental to that person and nondisclosure is not mandated by law, the Bureau shall, at the written request of such person, permit a qualified medical doctor to review the personal data contained in the person's record to determine if the personal data should be disclosed. 
If disclosure is recommended by the person's medical doctor, the Bureau shall disclose the personal data to such person; if nondisclosure is recommended by such person's medical doctor, the Bureau shall not disclose the personal data and shall inform such person of the judicial relief provided under the Personal Data Act. (h) Each Bureau shall maintain a complete log of each person, agency or organization who has obtained access to or to whom disclosure has been made of personal data under the Personal Data Act, together with the reason for each such disclosure or access. This log must be maintained for not less than five years from the date of such disclosure or access or for the life of the personal data record, whichever is longer.
(Effective December 4, 1986)
Sec. 4-23b-6. Procedures for contesting record content
(a) Any person who believes that a Bureau of the Department of Administrative Services is maintaining inaccurate, incomplete or irrelevant data concerning him/her may file a written request with that Bureau for correction of said data. (b) Within 30 days of receipt of such request the Bureau shall give written notice to that person that it will make the requested correction, or if the correction is not to be made as submitted, the Bureau shall state the reason for its denial of such request and notify the person of his/her right to add his/her own statement to his/her personal data records. This statement will set forth what the person believes to be an accurate, complete and relevant version of the personal data in question. Such statements shall become a permanent part of the Bureau's personal data system and shall be disclosed to any individual, agency or organization to which the disputed personal data has been disclosed.
(Effective December 4, 1986)
Sec. 4-23b-7. Uses to be made of the personal data
(a) Employees in each Bureau of the Department of Administrative Services may be assigned duties which utilize personal data in varying degrees depending upon the requirements of the Bureau's objectives and functions. (b) Each Bureau will maintain all records and correspondence in accordance with schedules approved by and on file with the Public Records Administrator as required by Section 11-8a, CGS. (c) When an individual is asked to supply personal data to a Bureau, the Bureau shall disclose to that individual, upon request, the name of the agency and the division within the agency which is requesting the data, the legal authority under which the Bureau is empowered to collect and maintain the personal data, the individual's rights pertaining to such records under the Personal Data Act and the Department of Administrative Services' regulations, the known consequences arising from supplying or refusing to supply the requested personal data and the proposed use to be made of the requested personal data.
(Effective December 4, 1986)