Section 16-2-8d - Maintenance of personal data(a) Any personal data not relevant and necessary to accomplish the lawful purpose of the agency shall be disposed of in accordance with the department's record retention schedule, or upon permission from the Public Records Administrator to dispose of said records under Connecticut General Statutes, Section 11-8a.(b) The department shall when practical and consistent with its needs and purpose, collect personal data directly from the person to whom a record pertains.(c) All employees who function as custodians for the department's employee personal data file system, or are involved in the operation thereof, shall be given a copy of the provisions of the Personal Data Act; these regulations; and a copy of the Freedom of Information Act.(d) All such departmental employees shall take reasonable precautions to protect personal data under their control or custody from the danger of fire, theft, flood, natural disaster and other physical threats.(e) The department shall incorporate by reference the provisions of the Personal Data Act and these regulations in all contracts, agreements or licenses for the operation of a personal data system or for research, evaluation and reporting of personal data for the department or on its behalf.(f) Another state agency requesting personal data from the department must insure that the personal data is maintained in accordance with the provisions of the Personal Data Act.(g) Access to the employee personal data system is restricted to agency employees who the director of personnel has determined requires such information as necessary to discharge their supervisory, administrative, or management responsibility. In each instance the employee shall have a specific need to review the personal data records for a lawful purpose.(h) The personnel office will maintain a complete up-to-date record of individuals entitled to review the department's employee personal data file system.(i) Information contained in the department employee personal data file system shall not be duplicated, except when necessary, and for good cause. All information contained in the employee personal data file system will be considered confidential, will be transmitted in a manner to protect confidentiality, and will be maintained in a locked file system where access is controlled. In the event it is necessary to send personal data records through interdepartmental mail such records will be sent in envelopes or boxes sealed and marked "confidential."(j) The automated data system equipment and records shall be located in a limited access area.(k) The personnel office will require visitors to the limited access area to sign a visitors' log before permitting access to said area. Access shall be permitted only on a bona fide need-to-enter basis.(l) Regular access to the limited access area shall be limited to its operations personnel.Conn. Agencies Regs. § 16-2-8d
Effective August 22, 1986