|
Are
JobNet/TAXIS converted records considered TAXIS records
and therefore unable to merge because the system recognizes
them as TAXIS/TAXIS records? (05/22/07)
Converted TAXIS records are considered TAXIS records and can
not merge. We initially received a full dump of TAXIS
created Employers when SKIES went into production. From that
point forward, records are received through the regularly
scheduled interface. That is the difference between
converted TAXIS and interface TAXIS. All still originated
from TAXIS.
What
about data conversion records (not specified as JobNet)?
Are they TAXIS records and cannot merged – or – can they
merge? (05/22/07)
As long as the originating system was not TAXIS or through
the interface with Go2Worksource.com, the system allows them
to merge.
How to
keep other counties, WDAs, people, from having access to a
particular office or area’s employer record? (05/22/07)
Currently, there is no policy or statewide practice to
prohibit WDAs from sharing an employer record. This concern
will be presented at the next SKIES Change Control Board
meeting to assist with identifying the appropriate entity
for resolution.
Data
Access
Who
is responsible for system access approval, record keeping and
monitoring in centralized WDAs?
In
Centralized WDAs, the State (ESD) has responsibility for approving
user access as well as maintaining records of MOUs, Data Sharing
Contracts, user profiles and supervisor approval. Local partner offices are
responsible for keeping the signed Notice of Non-Disclosure and
certification of training completion for each user.
Who
generates the Data Sharing Agreement (DSA)?
Since
the WDC, ESD and partner agencies are all involved, the development of
SKIES Data Sharing Contracts must be coordinated. We have asked the SKIES
Steering Committee member from each area to facilitate the coordination.
In decentralized areas, it is up to the WDA to develop a procedure for
tracking the Non-Disclosure statements.
Who
tracks Non-disclosure statements; (does the State need a copy of each
signed statement)?
They
can either be kept centrally at the WDA, or be retained at the local
partner office, as long as an auditor can retrieve them. In centralized
areas, all Non-Disclosure statements will be retained at the local office.
The State does not need a copy of the signed statement.
Is
a Data Sharing Agreement (DSA) required for each site?
Each
“SKIES Data Recipient” (WorkSource Partner, WDC or WIA Contractor who is
authorized to have access to or receives SKIES data) is required to have a
SKIES Data Sharing Contract with ESD. A regional partnership area may have a
single Data Sharing Contract with ESD that lists multiple parties (each
Requesting Entity in the partnership area), or it may have separate
contracts with ESD for each partner.
Must
a Centralized WDA maintain local user records?
No.
The only record keeping requirement for centralized WDAs is that local
offices retain signed Non-Disclosure statements and certification of
training completion for each user.
Who
grants data sharing authority?
Each
“Requesting Entity” (WorkSource Partner, WDC or WIA Contractor) must
have a Data Sharing Contract with ESD. WDAs choosing the decentralized
option must include the special provision for “Decentralized Security
Administration” in their contract with ESD. This provision grants
authority to the WDA to authorize user access to the system. Access can
only be authorized to individuals employed by an agency that has a SKIES
Data Sharing Contract with ESD. For WDAs choosing the centralized
option, ESD will authorize user access, but only to individuals employed
by an agency that has a SKIES Data Sharing Contract with ESD.
Who
certifies that signed Non Disclosure statement is on file for the user?
ESD
identified a “System Access Approver” for each local centralized
office. Only this individual will be authorized to access a secure on-line
SKIES User Access request form. On the form, the System Access Approver
will be required to certify that signed Non Disclosure statements are on
file for the user, the type of access granted (user profile) is justified
and is approved by the user’s supervisor, and that SKIES training has
been completed. Upon receipt of the request, ESD will verify that a valid
SKIES Data Sharing Contract is in place for the requesting agency and that
the agency is party to a WorkSource Memorandum of Agreement (WorkSource
Partner) or is a WDC contractor for services under the Workforce
Investment Act. ESD will have a system to track Data Sharing Contract
expiration dates so that user access will be revoked when contracts expire.
The System Access Approvers will be required to notify ESD immediately when
users are no longer employed so access can be revoked.
Where
are records maintained?
In
decentralized areas, the WDA must develop procedures to keep records of
each individual authorized to access the system. This should include
user’s office location, access profile, certification of training
completion, supervisor approval, and evidence that Non-Disclosure
statement is signed, For each agency (Requesting Entity), evidence
to document a current Data Sharing Agreement and MOU (or WIA contractor
status) will be needed. A procedure will also be needed to ensure that
user access is immediately revoked when the user is no longer employed
with the agency, or if the Data Sharing Contract expires. These records
can be maintained at the WDA or at the local office, as long as they are
retrievable for audit or monitoring. In centralized areas, most of these
records will be maintained by ESD. Only the signed Non-Disclosure
statements and certification of training completion needs to be maintained
at the local office.
Who
grants user access and maintains records of skies access in the
centralized option?
Under
the centralized option, responsibilities for granting user access and
related record keeping (except as noted in question above) are assumed by
the state. All WorkSource Partners, WDCs or WIA Contractors who need to
have access to or receives SKIES data must have a SKIES Data Sharing
Contract with ESD.
Who
guards against inappropriate access?
The
responsibility for guarding against inappropriate access is shared by all
parties including the State, WDC and local offices (Requesting Entities).
See LIMITATION ON ACCESS AND USE, PHYSICAL SAFEGUARDS and TERMINATION OF
ACCESS provisions in the SKIES Data Sharing Contract.
Who
approves access?
For
centralized WDAs, “System Access Approvers” will submit access
requests to ESD, but only ESD can actually add users in SKIES. The WDA
System Administrator in centralized WDAs can maintain table information
and perform other administrative tasks in SKIES, but cannot add users.
Data
Sharing
Who
is the "Department Agreement Manager"?
Check
with the ESD representative for your WDC
Where
can I get a Data
Sharing Notification?
See
ESD
Policy and Procedures for Data Sharing
Who
is responsible for getting the Data Sharing Agreements signed?
This
should be coordinated between the SKIES Steering Committee member, and the
ESD representative for your WDC.
What
about Volunteers? The Data Sharing Contract definitions - d. "WIA
Contractor", includes the Contractor's ”volunteers". If a
WorkSource office has Green Thumb volunteers manning the front desk, what
organization is responsible for the volunteers? Does Green
Thumb, as an organization, need to sign the Data Sharing Agreement?
A
volunteer is considered an agent of the organization they are working (or
volunteering) for. Green Thumb would not need to have a Data Sharing
Contract unless it is a WorkSource partner. In this case, the volunteer
would be an agent of the WorkSource office, so would be covered by its
Data Sharing Contract. Like all users, the volunteer must sign the Notice
of Non-Disclosure.
Who
can answer questions about SKIES Data Sharing Contracts?
You
can direct your questions to
Tina
Pendon
Confidentiality
May I mail a SKIES
report that may contain customer information to an affiliate? (03/25/03)
If you
mail the data, it should be on a CD in a file that is password protected.
You can put the data in an excel file with password protection, or
compress to a password protected zip file. The password should be
transmitted separately to the recipient - preferably by phone. This
protects the data from interception by someone who opens and processes the
mail before the intended recipient actually gets it. You should never mail
printed data.
Under the Data Sharing
Contract we must properly secure, dispose, destroy or shred documents
generated from SKIES in printed form. Is a company that picks up and
destroys confidential material that's stored in a locked container a
proper form of destruction for SKIES printed data? (03/25/03)
Normally
we would like to see shredding by the user, but the scenario you outlined
would be OK.
How
does SKIES address confidentiality?
Access to
SKIES will require the following:
 |
Must be an
employee of an agency that has signed a Memorandum of Agreement with the
local Workforce Development Council. |
|
|
Must be an
employee of an agency that has signed a data sharing agreement.
|
|
|
Must be an
employee of an agency with a resource sharing agreement (if applicable).
|
|
|
Must have
completed training in SKIES. |
|
|
Must have
signed an Oath of Confidentiality. |
SKIES is
designed from the perspective of a “shared customer” for both jobseekers and
employers. It is assumed that agencies working in the WorkSource delivery
system need to share information about customers to better serve that
customer, reduce redundancy in the collection of data and reduce the number
of service points for the customer. Implied in that concept of “shared
customer” is the notion that all agencies are working for the best interest
of the customer in a professional manner. It is assumed that all
professionals are concerned about maintaining a customer’s information in a
way that will benefit and not harm the customer. In this shared system, no
one agency owns the information. The customer owns the information; the
agencies use the information to meet the needs of the customer. We are all
learning new behaviors in the WorkSource delivery system. One of the new
behaviors is trust among partners. We are all in the process of building
that trust.
Access will
be monitored and controlled. We want to ensure that only staff that have met
the requirements have access. Audit reports will be available to
supervisors, which will allow areas to check on any changes to information
that is entered into the system. Those changes will be identified by user
and by date.
I
want to email a
report containing customer and counselor names to an affiliate. No SSN's or anything else.
Must I password protect or encrypt the report before I can email it to them?
Since the file will contain personal information, it will need to be transmitted in a secure way.
If you are sending to a user that is inside the ESD network (DIS backbone), you can go ahead and send as a regular e-mail because our network is protected.
If you need to send it outside the ESD network, you can protect it by sending as a password protected zip file (like win-zip or PK Zip). Let me know if you need help doing this. You will have to then give the recipient the password. Don’t send the password via e-mail - use the telephone for that.
Another alternative is to write the data to a CD and hand deliver it. If you do so, make sure the CD is destroyed after use.
Back to Top |
