20.9.804    SECURITY OF YOUTH ELECTRONIC RECORDS IN DEPARTMENT YOUTH MANAGEMENT INFORMATION SYSTEM

(1) To control the security of the information in the youth management information system, the Youth Services Division administrator or designee will give to the Information and Business Technology Bureau security officer(s) the names of persons who need access to the youth management information system. The Information and Business Technology Bureau security officer(s) or designee will grant or deny access to the persons whose names are forwarded. Upon recommendation of the Youth Services Division administrator or designee, the Information and Business Technology Bureau security officer(s) will remove or terminate previously granted access.

(2) The department's chief information officer may periodically review access that has been granted, denied, or terminated.

(3) Youth Services Division personnel who learn of or suspect a security breach in the youth management information system must report the security breach to the department's chief information officer.

(4) Any employee with access to the youth management information system who engages in unauthorized use, disclosure, alteration, or destruction of data will be subject to appropriate disciplinary action, including possible dismissal and legal action.

(5) The Information and Business Technology Bureau of the department is responsible for physical security and access control to the hardware that hosts the youth management information system.

(6) The Information and Business Technology Bureau of the department will secure back-up tapes off-site in compliance with state enterprise technology policy.

History: 41-5-220, MCA; IMP, 41-5-220, 41-5-221, MCA; NEW, 2008 MAR p. 2053, Eff. 9/26/08.