Connecticut Administrative Code
Title 54 - Criminal Procedure
124a - Board of Pardons and Paroles Concerning
Section 54-124a-15 - Maintenance of personal data

(1) Personal data shall not be maintained unless relevant and necessary to accomplish the lawful purposes of the Board. Where the Board finds irrelevant or unnecessary public records in its possession, the Board shall dispose of the records in accordance with its records retention schedule and with the approval of the Public Records Administrator in accordance with the provisions of section 11-8a of the Connecticut General Statutes, or if the records are not disposable under the records retentions schedule, request permission from the Public Records Administrator to dispose of the records under section 11-8a of the Connecticut General Statutes.

(2) The Board shall collect and maintain all records with accurateness and completeness.

(3) Insofar as it is consistent with the needs and mission of the Board, wherever practical, the Board shall collect personal data directly from the individual to whom a record pertains.

(4) Employees of the Board involved in the operations of the Board's personal data systems shall be informed of the provisions of (A) the Personal Data Act, (B) sections 54-124a-12 to 54-124a-18, inclusive, of the Regulations of Connecticut State Agencies, (C) the Freedom of Information Act, and (D) any other state or federal statute or regulations concerning maintenance or disclosure of personal data kept by the Board.

(5) All employees of the Board shall take reasonable precautions to protect personal data under their custody from the danger of fire, theft, flood, natural disaster and other physical threats.

(6) The Board shall incorporate by reference the provisions of the Personal Data Act and regulations adopted thereunder in all contract, agreements or licenses for the operation of a personal data system for research, evaluation and reporting of personal data for the Board or on its behalf.

(7) The Board shall have an independent obligation to ensure that personal data requested from any other state agency is properly maintained.

(8) Only employees of the Board who have a specific need or legal authority to review personal data records for lawful purposes of the Board shall be entitled to access to such records under the Personal Data Act.

(9) The Board shall keep a written up-to-date list of individuals entitled to access to each of the Board's personal data systems.

(10) The Board shall ensure against unnecessary duplication of personal data records.

(11) The Board shall ensure that all records in manual personal data systems are kept under lock and key, and, to the greatest extent practical, are kept in controlled access areas.

(1) To the greatest extent practical, automated equipment and records pertaining to personal data shall be located in a limited access area.

(2) To the greatest extent practical, the Board shall require visitors to such limited access area to sign a visitor's log and permit access to such area on a good faith need-to-enter basis only.

(3) To the greatest extent practical, the Board shall ensure that regular access to automated equipment pertaining to personal data is limited to operations personnel.

(4) The Board shall utilize appropriate access control mechanisms to prevent disclosure of personal data to unauthorized individuals.