HOME    SEARCH    ABOUT US    CONTACT US    HELP   
           
Montana Administrative Register Notice 20-9-40 No. 13   07/17/2008    
    Page No.: 1368 -- 1368
Prev Next

BEFORE THE DEPARTMENT OF CORRECTIONS

OF THE STATE OF MONTANA

In the matter of the adoption of New Rules I through V pertaining to confidentiality of youth records
)
)
)
NOTICE OF PUBLIC HEARING ON PROPOSED ADOPTION

TO: All Concerned Persons

1. On August 21, 2008, at 1:00 p.m., the Department of Corrections will hold a public hearing in Room 24 of the Department of Corrections Annex at 515 N. Sanders, at Helena, Montana, to consider the proposed adoption of the above-stated rules.

2. The Department of Corrections will make reasonable accommodations for persons with disabilities who wish to participate in this rulemaking process or need an alternative accessible format of this notice. If you require an accommodation, contact Department of Corrections no later than 5:00 p.m. on August 11, 2008, to advise us of the nature of the accommodation that you need. Please contact Myrna Omholt-Mason, Department of Corrections, P.O. Box 201301, Helena, Montana, 59620-1301; telephone (406) 444-3911; fax (406) 444-4920; or e-mail [email protected].

3. The new rules are necessary to implement the provisions of Title 41, chapter 5, part 2, MCA, which require the Department of Corrections to adopt appropriate control methods to ensure adequate integrity, security, and confidentiality of any electronic records of a youth, collected, generated, disseminated, or maintained by the department in any management information system, as authorized under Title 53, chapter 1, part 2, MCA.

4. The rules as proposed to be adopted provide as follows:

NEW RULE I DEFINITIONS As used in this subchapter, the following definitions apply:

(1) "Data" means any data related to the records maintained in any youth management information system developed by or used by the Department of Corrections Youth Services Division.

(2) "Department" means the Department of Corrections.

(3) "State enterprise technology policy" means an executive branch information technology policy published by the Department of Administration.

(4) "User ID" means a character string which identifies an individual to a computer system, enabling access and/or update capabilities.

(5) "Validation tables" means a mechanism to ensure that the data that are entered fall within specific boundaries. The table contains the only acceptable data that may be entered into the system so the person entering the data is restricted to enter only those words or numbers that are in the validation table.

(6) "Youth management information system" means the computer systems and staff who manage the systems in the Department of Corrections and which contain information and records involving the management of youth under supervision of the Department of Corrections.

(7) "Youth Services Division" means a division of the Department of Corrections consisting of juvenile corrections programs including Pine Hills Youth Correctional Facility, Riverside Youth Correctional Facility, and the Youth Community Corrections Bureau.

AUTH: 41-5-220, MCA

IMP: 41-5-220, 41-5-221, MCA

REASON: The agency proposes New Rule I, Definitions, to define terms used in the body of New Rules II through V.

NEW RULE II YOUTH ELECTRONIC RECORDS (1) The department will maintain an electronic youth management information system. The department will maintain the electronic youth management information system separate from any adult electronic management information system.

AUTH: 41-5-220, MCA

IMP: 41-5-220, 41-5-221, MCA

REASON: The agency proposes New Rule II, Youth Electronic Records, to establish that the agency will implement a youth management information system and that it will be separate from any adult system.

NEW RULE III INTEGRITY OF YOUTH ELECTRONIC RECORDS IN DEPARTMENT YOUTH MANAGEMENT INFORMATION SYSTEM (1) To control the integrity of the information in the youth management information system, only authorized persons will be given the capability to enter data into the system as granted authorization by the Youth Services Division administrator or designee to enter data.

(2) Persons who are granted authorization to enter data will be specially trained by the department to enter correct data into the youth management information system.

(3) The statistics unit of the department will periodically run reports to validate the integrity of the information in the youth management information system. The statistics unit will identify missing or incomplete information with these reports.

(4) When a person enters or changes data in the youth management information system, the system will record the name and user identification of the person who entered or changed the data, and the date and time it was entered, changed, or deleted.

(5) The system will utilize validation tables whenever possible.

AUTH: 41-5-220, MCA

IMP: 41-5-220, 41-5-221, MCA

REASON: The agency proposes New Rule III to establish procedures by which the department will assure the integrity of information in the youth management information system.

NEW RULE IV SECURITY OF YOUTH ELECTRONIC RECORDS IN DEPARTMENT YOUTH MANAGEMENT INFORMATION SYSTEM (1) To control the security of the information in the youth management information system, the Youth Services Division administrator or designee will give to the Information and Business Technology Bureau security officer(s) the names of persons who need access to the youth management information system. The Information and Business Technology Bureau security officer(s) or designee will grant or deny access to the persons whose names are forwarded. Upon recommendation of the Youth Services Division administrator or designee, the Information and Business Technology Bureau security officer(s) will remove or terminate previously granted access.

(2) The department's chief information officer may periodically review access that has been granted, denied, or terminated.

(3) Youth Services Division personnel who learn of or suspect a security breach in the youth management information system must report the security breach to the department's chief information officer.

(4) Any employee with access to the youth management information system who engages in unauthorized use, disclosure, alteration, or destruction of data will be subject to appropriate disciplinary action, including possible dismissal and legal action.

(5) The Information and Business Technology Bureau of the department is responsible for physical security and access control to the hardware that hosts the youth management information system.

(6) The Information and Business Technology Bureau of the department will secure back-up tapes off-site in compliance with state enterprise technology policy.

AUTH: 41-5-220, MCA

IMP: 41-5-220, 41-5-221, MCA

REASON: The agency proposes New Rule IV to establish procedures by which the department will assure the security of information in the youth management information system.

NEW RULE V CONFIDENTIALITY OF YOUTH ELECTRONIC RECORDS IN DEPARTMENT YOUTH MANAGEMENT INFORMATION SYSTEM (1) The information in the youth management information system is confidential and shall not be disseminated to anyone outside the department unless specifically authorized by the Youth Services Division administrator or designee.

(2) Each individual who is granted access to the youth management information system shall be responsible for maintaining the confidentiality of the information.

(3) No statistical report the department prepares will contain any identifying information of a youth or any information that would allow identification of a youth.

AUTH: 41-5-220, MCA

IMP: 41-5-220, 41-5-221, MCA

REASON: The agency proposes New Rule V to establish procedures by which the department will assure the confidentiality of information in the youth management information system.

5. Concerned persons may present their data, views, or arguments either orally or in writing at the hearing. Written data, views, or arguments may also be submitted to: Myrna Omholt-Mason at the contact information listed in paragraph 2, and must be received no later that 5:00 p.m. on August 28, 2008.

6. The department maintains a list of interested persons who wish to receive notices of rulemaking actions proposed by this agency. Persons who wish to have their name added to the list shall make a written request that includes the name, e-mail address, and mailing address of the person to receive notices and specifies for which program the person wishes to receive notices. Notices will be sent by e-mail unless a mailing preference is noted in the request. Such written request may be mailed or delivered to Myrna Omholt-Mason, at the contact information listed in paragraph 2, or may be made by completing a request form at any rules hearing held by the department.

7. An electronic copy of this Proposal Notice is available through the department's web site at www.cor.mt.gov. The department strives to make the electronic copy of the Notice conform to the official version of the Notice, as printed in the Montana Administrative Register. However, the department advises that it will decide any conflict between the official version and the electronic version in favor of the official printed version. In addition, the department advises that the web site may be inaccessible at times, due to system maintenance or technical problems.

8. The bill sponsor notice requirements of 2-4-302, MCA, apply and have been fulfilled. The primary bill sponsor was notified on June 24, 2008 by regular mail.

9. Colleen A. White, Hearings Examiner, will preside over and conduct the hearing.

/s/ Colleen A. White����������������������������������� /s/ Mike Ferriter

COLLEEN A. WHITE�������������������������������� MIKE FERRITER

Rule Reviewer�������������������������������������������� Director

��������������������������������������������������������������������� Department of Corrections

Certified to the Secretary of State July 7, 2008.

Home  |   Search  |   About Us  |   Contact Us  |   Help  |   Disclaimer  |   Privacy & Security