Montana Administrative Register Notice 20-7-37 No. 16   08/23/2007    
    Page No.: 1144 -- 1148
Prev Next




In the matter of the adoption of new rules                ) NOTICE OF PUBLIC

I through VI pertaining to security and                      ) HEARING ON PROPOSED

confidentiality of youth records                                 ) ADOPTION


TO: All Concerned Persons


1. On September 13, 2007, at 10:00 a.m. a public hearing will be held in Room 24 of the Department of Corrections Annex at 515 N. Sanders, Helena, Montana, to consider the proposed adoption of the above-stated rules.


2. The Department of Corrections will make reasonable accommodations for persons with disabilities who wish to participate in this public hearing or need an alternative accessible format of this notice. If you require an accommodation, contact the department no later than 5:00 p.m. on September 6, 2007, to advise us of the nature of the accommodation that you need. Please contact Myrna Omholt-Mason, 1539 11th Ave., P.O. Box 201301, Helena, Montana 59620-1301, telephone: (406) 444-3930, FAX: (406) 444-4920, e-mail: momholt-mason@mt.gov.


3. The new rules are necessary to implement the provisions of Title 41, chapter 5, part 2, MCA, which requires the Department of Corrections to adopt appropriate control methods to ensure adequate integrity, security, and confidentiality of any electronic records of a youth, collected, generated, disseminated, or maintained by the department in any management information system, as authorized under Title 53, chapter 1, part 2, MCA.


4. The proposed new rules provide as follows:


NEW RULE I DEFINITIONS As used in this subchapter, the following definitions apply:

(1) "Access capability" means authority granted to an individual which allows viewing of data residing in a computer system file. Access capability is generally managed through assignments of a user ID and password.

(2) "Administrative systems and applications" means any computer system/application programming which supports administrative activities of the Department of Corrections. This includes systems or applications supporting both the central administration and the administrative units of the various bureaus of the department.

(3) "Central office file" means an electronic record that is maintained in the central office of the Department of Corrections on each youth offender under the jurisdiction or responsibility of the Youth Services Division.

(4) "Data" means any data related to the records maintained in any youth data system developed by or used by the Department of Corrections Youth Services Division.

(5) "Data owner" means the Department of Corrections employee responsible for the data in the youth data system (e.g., a division or department head). The division head of the Youth Services Division in the Department of Corrections, as well as the department director, are the data owners. Responsibilities include evaluation/approving requests for access to specific data or groups of data.

(6) "Data security officer" means an employee from the Information Technology Bureau responsible for evaluating and monitoring system access. The data security officer will evaluate requests for access to application databases.

(7) "Electronic records" means records created or stored by electronic means, including but not limited to, computer files, scanned images, files on tape, disks, or internal memory.

(8) "Management information system" means the computer systems in an organization that provide information about its business operations, as well as the personnel in the Department of Corrections who manage these systems.

(9) "Offender field file" means the electronic record that is created and maintained in the field offices of juvenile parole officers or youth correctional facilities that consists of legal documents, reports, submissions, statements, and support materials used to make decisions about the offender in regard to custody, treatment programs, supervision, parole, and general case management. These records contain the complete adjudication referral documents that authorize the Youth Services Division to maintain legal custody and/or supervision of offenders. These files are used on a daily basis for routine case management and for making decisions about offenders in regard to placements, custody, treatment, and supervision.

(10) "Public information" means information that is available or distributed to the general public either regularly or upon request.

(11) "Restricted information, moderately sensitive/highly sensitive" means information intended for use only by individuals who require that information in the course of performing their agency responsibilities, or information protected by federal and state regulations. Requests for access to this information must be authorized by the applicable division administrator or department director.

(12) "Systems and applications" means any computer system/application programming which supports activities of the Department of Corrections.

(13) "Update capability" means access capability which allows an individual to alter, add, or delete data in a computer system file.

(14) "User ID" means a character string which identifies an individual to a computer system, enabling access and/or update capabilities.

(15) "Youth Community Corrections Bureau" means the bureau within the Youth Services Division that is responsible for the statewide supervision and habilitation of youth offenders including community transition centers, parole, financial and program services, interstate compact of juveniles, juvenile detention licensing, and numerous contracts providing placement and services for youth.

(16) "Youth Services Division" means a division of the Department of Corrections consisting of juvenile corrections programs including Pine Hills Youth Correctional Facility, Riverside Youth Correctional Facility, and the Youth Community Corrections Bureau.


AUTH: 41-5-220, MCA

IMP: 41-5-220, MCA


REASON: The agency proposes New Rule I, Definitions, to define terms used in the body of New Rules II through VI.


NEW RULE II DEPARTMENT OF CORRECTIONS RULES FOR MANAGEMENT OF ELECTRONIC YOUTH DATA SYSTEMS (1) The Department of Corrections Youth Services Division is responsible for the protection of its information assets, including all electronically created and stored data regarding the youth under its care and custody. The department will allow the use, access, and disclosure of such information only in accordance with its interest and applicable laws and regulations. All department employees providing services or working with the department's information are responsible for protecting it from unauthorized access, modification, destruction, or disclosure.

(2) The Department of Corrections shall follow all current state of Montana Enterprise policies governing user responsibility, security of electronic information, workstation care, and virus detection and prevention. Where the Department of Corrections' policies and written procedures are more restrictive than Enterprise policies, the department's policies and procedures must be followed.

(3) The records maintained in any youth data system developed by or used by the department shall be maintained totally separate and apart from electronic records developed or used for the adult population supervised by the department. The youth data system may be a separate entity of a system used for the adult population.


AUTH: 41-5-220, MCA

IMP: 41-5-215, 41-5-216, 41-5-220, 52-2-203, 52-2-211, MCA


NEW RULE III DEPARTMENT OF CORRECTIONS RULES FOR DESTRUCTION OF YOUTH RECORDS (1) The Department of Corrections shall ensure that any entity receiving youth information as allowed by law is informed of its obligation to destroy the information when its purpose is fulfilled and no later than the date that the record is sealed.

(2) If the department provides copies of any electronic youth record to another agency, the other agency must destroy the record when the records have fulfilled their purpose or have been sealed, whichever occurs first.

(3) The department shall institute procedures to identify electronic records to be sealed and destroyed and to seal or destroy such records in a timely manner.


AUTH: 41-5-220, MCA

IMP: 41-5-215, 41-5-216, 41-5-220, 52-2-203, 52-2-211, MCA


NEW RULE IV APPLICATION OF RULES REGARDING ACCESS AND UPDATE CAPABILITIES/RESTRICTIONS (1) Access and update capabilities and restrictions shall apply to all Department of Corrections Youth Services Division data stored on computers used for Department of Corrections Youth Services Division purposes.

(2) The data owner, as the supervisor, is responsible for the data residing in the youth data system. These responsibilities include:

(a) ensuring proper operating controls over the application in order to maintain a secure processing environment;

(b) ensuring accuracy and quality of data residing in the application; and

(c) approving all requests for access to and update capability for the specific application.

(3) On an annual basis, the data owner and the data security officer will review the current set of access and update capabilities granted to each individual on the system in order to ensure that no changes are necessary.


AUTH: 41-5-215, 41-5-216, 41-5-220, MCA

IMP: 41-5-215, 41-5-216, 41-5-220, 52-2-203, 52-2-211, MCA



(1) It will be the responsibility of the data owner to ensure that all individuals with access to restricted data are aware of the confidential nature of the information and the limitations, in terms of disclosure, that apply. Each individual who is granted a user ID and password shall be responsible for maintaining confidentiality over appropriate information without exception. The release of restricted data without the express approval of the data owner will result in appropriate disciplinary action, including possible dismissal.


AUTH: 41-5-216, 41-5-220, MCA

IMP: 41-5-215, 41-5-216, 41-5-220, MCA 


NEW RULE VI REPORTING DATA SECURITY BREACHES (1) Data owners and data security officers are responsible for reporting security breaches identified during the course of their responsibilities.

(2) All individuals with responsibility over or access to youth data system are expected to follow the policies and procedures of the Department of Corrections and to exercise discretion with regard to such information. Any individual with access to the youth data system who engages in unauthorized use, disclosure, alteration, or destruction of data in violation of the policy will be subject to appropriate disciplinary action, including possible dismissal and/or legal action.


AUTH: 41-5-216, 41-5-220, MCA

IMP: 41-5-216, 41-5-220, MCA


5. Concerned persons may present their data, views, or arguments, either orally or in writing, at the hearing. Written data, views, or arguments may also be submitted to Myrna Omholt-Mason at the contact information listed in paragraph 2, and must be received no later than 5 p.m. on September 20, 2007.


6. The Department of Corrections maintains a list of interested persons who wish to receive notices of rulemaking actions proposed by this agency. Persons who wish to have their name added to the list shall make a written request which includes the name and mailing address of the person to receive notices and specifies that the person wishes to receive notices regarding adult community corrections, youth services, board of pardons and parole, private correctional facilities, or general departmental rulemakings. Such written request may be mailed or delivered to Myrna Omholt-Mason, at the contact information listed in paragraph 2, or may be made by completing a request form at any rules hearing held by the Department of Corrections.


7. An electronic copy of this Notice of Public Hearing is available through the department's web site at www.cor.mt.gov. The department strives to make the electronic copy of this Notice of Public Hearing conform to the official version of the Notice, as printed in the Montana Administrative Register. However, the department advises that it will decide any conflict between the official version and the electronic version in favor of the official printed version. In addition, the department advises that the web site may be inaccessible at times, due to system maintenance or technical problems.


8. The bill sponsor notice requirements of 2-4-302, MCA, apply and have been fulfilled. The primary bill sponsor was notified on July 30, 2007, by regular mail.


9. Colleen A. White, Hearings Examiner, will preside over and conduct the hearing.


/s/ Mike Ferriter                                              /s/ Colleen A. White

MIKE FERRITER                                           COLLEEN A. WHITE

Director of Corrections                                 Rule Reviewer


Certified to the Secretary of State July 31, 2007.

Home  |   Search  |   About Us  |   Contact Us  |   Help  |   Disclaimer  |   Privacy & Security