Each agency shall:
(a) Inform each of its employees who operates or maintains a personal data system or who has access to personal data, of the provisions of (1) this chapter, (2) the agency's regulations adopted pursuant to section 4-196, (3) the Freedom of Information Act, as defined in section 1-200, and (4) any other state or federal statute or regulation concerning maintenance or disclosure of personal data kept by the agency;
(b) Take reasonable precautions to protect personal data from the dangers of fire, theft, flood, natural disaster or other physical threats;
(c) Keep a complete record, concerning each person, of every individual, agency or organization who has obtained access to or to whom disclosure has been made of personal data and the reason for each such disclosure or access; and maintain such record for not less than five years from the date of obtaining such access or disclosure or maintain such record for the life of the record, whichever is longer;
(d) Make available to a person, upon written request, the record kept under subsection (c) of this section;
(e) Maintain only that information about a person which is relevant and necessary to accomplish the lawful purposes of the agency;
(f) Inform an individual in writing, upon written request, whether the agency maintains personal data concerning him;
(g) Except as otherwise provided in section 4-194, disclose to a person, upon written request, on a form understandable to such person, all personal data concerning him which is maintained by the agency. If disclosure of personal data is made under this subsection, the agency shall not disclose any personal data concerning persons other than the requesting person;
(h) Establish procedures which:
(1) Allow a person to contest the accuracy, completeness or relevancy of his personal data;
(2) Allow personal data to be corrected upon request of a person when the agency concurs in the proposed correction;
(3) Allow a person who believes that the agency maintains inaccurate or incomplete personal data concerning him to add a statement to the record setting forth what he believes to be an accurate or complete version of that personal data. Such a statement shall become a permanent part of the agency's personal data system, and shall be disclosed to any individual, agency or organization to which the disputed personal data is disclosed.
(P.A. 76-421, S. 4, 9; P.A. 77-431, S. 3, 5, 6; 77-604, S. 3, 4, 84; P.A. 79-538, S. 1; P.A. 84-546, S. 11, 173; P.A. 97-47, S. 28.)
History: P.A. 77-431 substituted “adopted” for “promulgated” in Subdiv. (a), required maintenance of records of persons, organizations and agencies given access to personal data for five years or the life of the record and required written requests for information, effective January 1, 1978; P.A. 77-604 made technical changes; P.A. 79-538 required agencies to inform employees of provisions of chapter 3; P.A. 84-546 amended Subdiv. (c) by deleting internal reference to “subsections (b) and (c) of section 4-192”; P.A. 97-47 amended Subdiv. (a) by substituting “the Freedom of Information Act, as defined in Sec. 1-18a” for “chapter 3”.
Cited. 186 C. 153; 216 C. 253.
Structure Connecticut General Statutes
Title 4 - Management of State Agencies
Section 4-193. - Agency's duties re personal data.
Section 4-194. - Refusal to disclose. Medical doctor to review data. Judicial relief.
Section 4-195. - Petition to court for failure to disclose.
Section 4-196. - Agencies to adopt regulations conforming to Attorney General's standards.
Section 4-197. - Action against agency for violation of chapter.