Efforts are underway with COT’s Chief Information Security Officer and the Identity Access Management Task Force to review/update existing Data Security policies and standards. These standards follow guidelines established by the National Institute of Standards and Technology. Where necessary, data security will be maintained at the individual field level to assure maximum protection. Data encryption (at rest and/or in transport) will be utilized where necessary based on the security classification of the data.
Upon establishment of a federated or actual Enterprise Data Warehouse, agencies providing or requesting access to other agency information will be required to give authorization for the utilization of the data. These authorizations will be reviewed on a regularly scheduled timeframe to assure accuracy and reaffirm approval. Criteria will be established for all shared data to confirm the level of accessibility by appropriate agency job function.
Data that cannot be released as individual records due to privacy regulations may instead be made available as compiled data, as allowed, to show established regional trends across the Commonwealth.