TO RESEARCH NYPPL POSTINGS type in your key word in the box at the upper left and tap enter.

Thursday, April 24, 2014

Security of government computer records


Security of government computer records
State Technology Law and other provisions of law

A town recently reported that its accounting program was the victim of hacking and a number of “payroll checks” were processed and presented for payment. Although the town’s bank “caught” the fraudulent checks, the town expressed concern that personal information in its system may have been compromised and asked its attorney to advise it as to its possible liability to individuals who may suffer as a result of the theft of personal data.

To assist public agencies to cope with the increasing number of attempts to breach computer security efforts, the New York State Office of Cyber Security has issued its Cyber Security Policy P03-002, Information Security Policy, posted on the Internet at http://www.dhses.ny.gov/ocs/resources/documents/cyber-security-policy-p03-002-v3.4.pdf , while the State Comptroller’s Division of Local Government and School Accountability has issued a “Local Government Information Security” statement that is posted on the Internet at http://www.osc.state.ny.us/localgov/pubs/research/snapshot/cybersecurity0811.pdf

A “Cyber Security Citizen’s Notification Policy” has been adopted by municipalities to deal with a breach of its computer security protocols. For example, the Village of North Hills has such a policy it has posted on the Internet [ http://ecode360.com/6309491 ] as has the Town of Massena [see http://ecode360.com/11058454 ]. 

In addition, General Business Law §899-aa, the Security Breach and Notification Act, addresses situations resulting from persons without valid authorization having acquired private information stored on an business  entity's computer..

Also relevant is §208(8) of the State Technology Law captioned “Notification; person without valid authorization has acquired private information,” requiring counties, cities, towns, villages and other governmental entities to adopt a computer security “breach notification policy.”

In addition, §308.1 of the act provides as follows with respect to personal privacy protection:

"Any information reported to the electronic facilitator by a government entity in connection with the authorization of an electronic signature shall continue to be withheld from public disclosure if such information was withheld from public disclosure by such government entity. Electronic records shall be considered and treated as any other records for the purposes of the freedom of information law as set forth in article six of the public officers law and the personal privacy protection law as set forth in article six-A of the public officers law.

“2. A person or an entity that acts as an authenticator of electronic signatures shall not disclose to a third party any personal information reported to it by the electronic signatory other than the information necessary to authenticate the signature unless the disclosure is made pursuant to a court order or statute, or if the information or data is used solely for statistical purposes in aggregate form. For purposes of this section, "personal information" shall mean data that identifies a specific person, including but not limited to home and work addresses, telephone number, e-mail address, social security number, birthdate, gender, marital status, mother's maiden name, and health data.”
.

No comments:

Post a Comment

Handbooks focusing on New York State and Municipal Public Personnel Law:

The Discipline Book, - a concise guide to disciplinary actions involving public employees in New York State. A 1900+ page e-book. For more information click on http://booklocker.com/books/5215.html

The Layoff, Preferred List and Reinstatement Manual - a 435 page handbook reviewing the relevant laws, rules and regulations, and selected court and administrative decisions. For more information click on http://booklocker.com/books/5216.html

A Reasonable Disciplinary Penalty Under the Circumstances - A 600+ page guide to penalties imposed on public employees in New York State found guilty of selected acts of misconduct. For more information, click on http://booklocker.com/books/7401.html

General Municipal Law§§ 207-a and 207-c - Disability Leave for fire, police and other public sector personnel - a 1098 page e-book focusing on administering General Municipal Law Sections 207-a/207-c and providing benefits thereunder. For more information click on http://booklocker.com/books/3916.html

Caution:

Subsequent court and administrative rulings, or changes to laws, rules and regulations may have modified or clarified or vacated or reversed the decisions summarized here. Accordingly, these summaries should be Shepardized® or otherwise checked to make certain that the most recent information is being considered by the reader.

THE MATERIAL ON THIS WEBSITE IS FOR INFORMATION ONLY. CHANGES IN LAWS, RULES, REGULATIONS AND NEW COURT AND ADMINISTRATIVE DECISIONS MAY AFFECT THE ACCURACY OF THE INFORMATION PROVIDED IN THIS LAWBLOG. THE MATERIAL PRESENTED IS NOT LEGAL ADVICE AND THE USE OF ANY MATERIAL POSTED ON THIS WEBSITE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP.

Consistent with the Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations, the material in this blog is presented with the understanding that the publisher is not providing legal advice to the reader and in the event legal or other expert assistance is needed, the reader should seek such advice from a competent professional.

Items published in NYPPL may not be used for commercial purposes without prior written permission to copy and distribute such material. Send your request via e-mail to publications@nycap.rr.com

Readers may share material posted in NYPPL with others provided attribution to NYPPL is given.

Copyright© 1987 - 2014 by the Public Employment Law Press.



___________________



N.B. From time to time a political ad or endorsement may appear in the sidebar of this Blog. NYPPL does not have any control over such posting.

_____________________

.