Current through October 31, 2024
Section 310.15 - What are the safeguards and processes that comprehensive Tribal IV-D agencies must have in place to ensure the security and privacy of Computerized Tribal IV-D Systems and Office Automation?(a)Information integrity and security. The comprehensive Tribal IV-D agency must have safeguards on the integrity, accuracy, completeness, access to, and use of data in the Computerized Tribal IV-D System and Office Automation. Computerized Tribal IV-D Systems and Office Automation should be compliant with the Federal Information Security Management Act, and the Privacy Act. The required safeguards must include written policies and procedures concerning the following:(1) Periodic evaluations of the system for risk of security and privacy breaches;(2) Procedures to allow Tribal IV-D personnel controlled access and use of IV-D data, including: (i) Specifying the data which may be used for particular IV-D program purposes, and the personnel permitted access to such data;(ii) Permitting access to and use of data for the purpose of exchanging information with State and Tribal agencies administering programs under titles IV-A, IV-E and XIX of the Act to the extent necessary to carry out the comprehensive Tribal IV-D agency's responsibilities with respect to such programs;(3) Maintenance and control of application software program data;(4) Mechanisms to back-up and otherwise protect hardware, software, documents, and other communications; and,(5) Mechanisms to report breaches or suspected breaches of personally identifiable information to the Department of Homeland Security, and to respond to those breaches.(b)Monitoring of access. The comprehensive Tribal IV-D agency must monitor routine access to and use of the Computerized Tribal IV-D System and Office Automation through methods such as audit trails and feedback mechanisms to guard against, and promptly identify, unauthorized access or use;(c)Training and information. The comprehensive Tribal IV-D agency must have procedures to ensure that all personnel, including Tribal IV-D staff and contractors, who may have access to or be required to use confidential program data in the Computerized Tribal IV-D System and Office Automation are adequately trained in security procedures.(d)Penalties. The comprehensive Tribal IV-D agency must have administrative penalties, including dismissal from employment, for unauthorized access to, disclosure or use of confidential information.