STATE OF WASHINGTON
EMPLOYMENT SECURITY DEPARTMENT
WORKFORCE INVESTMENT ACT
POLICIES AND PROCEDURES
NUMBER:  4014
DATE:  03/27/02 Revised

This document has been formatted for use on this web site. It contains hyperlinks that enable the user to jump directly to specific areas within the document or to related documents. The information and guidance it contains is new definitions for terms that may be unfamiliar. This communication applies only to ESD staff, however, Workforce Development Councils (WDCs) and partner agencies are welcome and encouraged to use the information when developing local policies and procedures.

BACKGROUND | POLICY | PROCEDURES | DEFINITIONS | WEB SITE
REFERENCES | SUPERSEDES | DIRECT INQUIRIES TO

SUBJECT:  Public Records Privacy Protections

ORIGINATOR:  WIA Title III (Wagner-Peyser) (Labor Exchange Unit)

BACKGROUND

On April 25, 2000, the Governor signed Executive Order 00-03. The intent of this executive order was to ensure that state agencies comply fully with state public disclosure and open government laws, while protecting personal information to the maximum extent possible. This includes electronic databases that contain highly sensitive personal information about individuals. It is state government’s responsibility to protect the personal privacy rights of Washington’s citizens and lead the private sector by example and by law.

The WorkSource Operations and Employment and Training (E&T) Divisions are working together to identify all agency forms used in the field for appropriateness regarding public records privacy protections. These forms also need to be updated for compliance with WorkSource (logo, etc.) as well as Social Security Account (SSA) number usage. This is a major undertaking complicated by the need to convert to WorkSource and SKIES compatibility.

POLICY

It is the policy of the Employment Security Department (ESD) to fully comply with the letter and intent of the Governor's Executive Order 00-03. This policy is consistent with Policies and Procedures communication number 4013, Data Sharing.

PROCEDURES

The Employment Security Department (ESD) is required to collect sensitive and personal information about individuals in order to provide services under federal and state laws, rules, and regulations. Over the years, ESD has been very selective and sensitive regarding the disclosure of personal information to anyone outside of the RCW 50.13 requirements. In recent years, however, technology has made some personal information less secure requiring the adoption of some new procedures.

The Executive Order | ESD Administrative Responsibilities | Service Delivery Site Responsibilities

The Executive Order

With Executive Order 00-03, it was the Governor's intent to demonstrate his commitment to strengthen privacy protections for personal information held by state agencies, and to the principles of open government and the people's right to know. The purpose of the executive order was to direct state agencies, as responsible information custodians, to institute additional privacy protections for personal information and to ensure that people who supply personal information to state agencies know how it will be handled and protected under state law.

This is being accomplished by placing the government of Washington state at the forefront in protecting the personal information of its citizens; minimizing, as much as possible, the collection, retention, and release of personal information by the state; prohibiting the unauthorized sale of citizens’ personal information by state government; providing citizens with broad opportunities to know what personal information about them the state holds, and to review and correct that information; and making certain that businesses that contract with the state use personal information only for the contract purposes and cannot keep or sell the information for other purposes – and that those who violate this trust are held accountable.

In order to comply with the executive order, ESD adopted a number of procedures to strengthen administrative practices concerning confidential and personal information about individuals. Some examples are:

• Website - go2worksource.com displays the Agency Privacy Notice developed by the Information Technology Services Division (ITSD) on all pages that collect personal information.
     

• Sensitive Information - The go2worksource.com website implemented Secure Socket Layer (SSL) security on the web server in September 2000 to provide maximum protection of personal information submitted on web forms. The web site database is located behind the Department of Information Services (DIS) firewall to maximize security of the database. Other E&T systems have adequate security measures in place.

Service Delivery Site Responsibilities

In order to comply with the executive order, local Service Delivery Sites are responsible for:

• Reviewing all office practices regarding the visibility and use of customer SSA numbers. Areas of focus are sign in procedures in resource rooms and lobbies, desk-level personal computer screens, and disposal of forms and computer printouts. This initial activity is to be completed no later than April 30, 2001. However, continuous vigilance and an ongoing review of local procedures is necessary to prevent any future unauthorized release of confidential and personal information.

NOTE:  Documents containing confidential and personal information are to be stored in locked containers (e.g., file cabinets ,etc.). When the documents are no longer required for current usage or records storage, the documents are to be shredded to preclude unauthorized individuals (whether government employees or not) from obtaining the information. Documents in trash or recycle bins are accessible to anyone who may have access to the trash or recycling (e.g., other employees, janitorial staff, etc.). Such disposal methods could be considered an unauthorized release of confidential and personal information. Questions should be addressed to Office Services.

• Reviewing local use of customer SSA numbers on forms. The use of SSA numbers on job order referral cards and other forms where ESD identifiers can be used instead is inappropriate.

NOTE:  ESD identifiers could be job order numbers, JAS numbers, other program identifiers, or just the customer name in some instances.

Local management is responsible for:

• Reviewing this Policies and Procedures communication and preparing for full implementation.
     

• Reviewing all locally developed forms to ensure that SSA numbers are used only when absolutely necessary.

NOTE:  The timeline for completion of these last two items is dependent on the needs of each local area.

DEFINITIONS

Personal Information - For purposes of this communication, personal information means information collected about a natural person that is readily identifiable to that specific individual.

NOTE:  A natural person is an individual human as opposed to an organization or group of humans.

WEB SITE

http://www.wa.gov/esd/policies/

REFERENCES

Governor's Executive Order 00-03.

SUPERSEDES

None. This communication is new.