PA 09-33—sHB 6190

Labor and Public Employees Committee

Government Administration and Elections Committee

AN ACT CONCERNING CONFIDENTIALITY OF CERTAIN EMPLOYER DATA

SUMMARY: The unemployment compensation act requires employers to provide the Labor Department with employee information that must be kept confidential from everyone but department employees. There are exceptions to this under specific confidentiality agreements with regional workforce development boards as a part of their duties under the federal Workforce Investment Act.

This act permits the department to make such information available to a private entity under contract with the U. S. Department of Labor (U. S. DOL) to administer grants that benefit the state Labor Department. It requires the private entities to enter into the same confidentiality agreements that the law requires of the regional workforce development boards.

EFFECTIVE DATE: October 1, 2009

RELEASE OF CERTAIN EMPLOYMENT RECORDS

By law, employers must keep accurate employment records which contain information that the unemployment compensation administrator prescribes and must be available for his inspection. The department must keep confidential any information that would reveal the employee's or employer's identity.

The act allows the department to disclose the information to a private entity under contract with U. S. DOL if the private entity first enters into the same type of confidentiality agreement that state law requires of the workforce boards.

SAFEGUARDS TO PROTECT CONFIDENTIALITY

Under the act, each agreement must contain safeguards to protect the information's confidentiality. The safeguards must include:

1. a statement from the private entity of the purposes and specific use of the information along with a statement that it will only be used for these purposes;

2. a requirement that the entity store the information in a location that is physically secure from unauthorized access and, when the information is maintained electronically, in a way that prevents this access;

3. a requirement that the entity establish procedures to ensure that only authorized individuals have access to information stored in computers;

4. a requirement that the entity also enter into written agreements, which the department must approve, with its authorized agents extending the requisite safeguards contained in its agreement with the department;

5. a requirement that the entity instruct all people with access to the information about the legal sanctions and require each employee and agent authorized to review the disclosed information to acknowledge in writing that they have been advised of the sanctions;

6. a statement that re-disclosure of the information is prohibited unless the department approves it in writing;

7. a requirement that the entity dispose of the information, including copies the entity makes, after it has served its purpose either by returning it to the department or verifying that the information has been destroyed;

8. a statement that the entity must permit the department's representatives to conduct periodic audits, including on-site inspections, to review the entity's adherence to these provisions; and

9. a statement that the entity will reimburse the department for costs it incurs in making the information available and conducting the audits.

Under the act, an entity's employees or agents violating these provisions may be fined up to $200, imprisoned for up to six months, or both. And they are banned from any further access to confidential information.

The law, which is unchanged by the act, allows the department to make disclosures to public employees in the performance of their duties and subjects violators to identical penalties.

OLR Tracking: JM: KM: PF: TS