C.R.S. Section 24-37.5-703
Interdepartmental data protocol

  • contents

(1)

The chief information officer, or the chief information officer’s designee, in coordination with the government data advisory board, must publish on or before November 1, 2022, an interoperability data framework and protocol aimed at promoting interoperability of data models across state agencies, with the goal of minimizing duplication of records, enhancing security, and increasing the state’s capability to monitor and audit data-sharing transactions. At a minimum, the interoperability data framework shall:

(a)

Include the protocol and procedures to be used by state agencies in data management; and

(b)

Be designed to ensure that data collected by different state agencies can be matched and discrepancies in the data processing are reconciled to accurately identify data pertaining to the same record without allowing any permanent sharing of personal identifying information.

(2)

The protocol and procedures included in the interdepartmental data protocol by which state agencies may share data and by which a state agency may release data to a political subdivision or to a nongovernmental organization shall prioritize and coordinate data management and protection efforts across state agencies to maximize the privacy and protection of all data and to reduce the risk of public exposure of private or protected data. This includes but is not limited to:

(a)

Defining processes for managing data throughout the data management lifecycle;

(b)

Establishing the circumstances under which and the reasons that a state agency may share information with another state agency, a political subdivision, or a nongovernmental organization;

(c)

Ensuring compliance with all state and federal laws and regulations concerning the privacy of information, including but not limited to the federal “Family Educational Rights and Privacy Act of 1974”, 20 U.S.C. sec. 1232g, and the federal “Health Insurance Portability and Accountability Act of 1996”, 42 U.S.C. sec. 1320d to 1320d-9; and

(d)

Establishing a protocol that secures all personal identifying information collected and developing standards to minimize the collection of personal identifying information.

(3)

Notwithstanding any provision of this section, the interdepartmental data protocol shall not prohibit the release or sharing of data as required by federal or state laws including, but not limited to, the “Colorado Open Records Act”, part 2 of article 72 of this title 24 or as required to comply with a court-issued subpoena, warrant, or order. In addition, the interdepartmental data protocol is not intended to prevent the sharing of data as permitted by existing contracts or agreements entered into by state agencies that comply with all applicable laws. Any sharing of data with nongovernmental organizations or individuals that is permitted, but not required, by state or federal laws, must be subject to a written agreement containing sufficient terms to protect against any unauthorized or unlawful access or release of any personal identifying information or to protect the confidentiality of nonpublic information that may be shared with such parties.

Source: Section 24-37.5-703 — Interdepartmental data protocol - contents, https://leg.­colorado.­gov/sites/default/files/images/olls/crs2023-title-24.­pdf (accessed Oct. 20, 2023).

24‑37.5‑101
Legislative declaration - findings 24‑37.5‑102
Definitions 24‑37.5‑103
Office of information technology - creation - information technology revolving fund - geographic information system coordination 24‑37.5‑105
Office - roles - responsibilities - state search interface - rules - legislative declaration - definitions 24‑37.5‑105.2
State agencies - information technology - responsibilities 24‑37.5‑105.4
Delegation of authority 24‑37.5‑106
Chief information officer - duties and responsibilities 24‑37.5‑116
Communications and stakeholder management plan 24‑37.5‑117
Use of technology to interact with citizens - working group - strategic plan 24‑37.5‑118
Change of references - director to revisor of statutes 24‑37.5‑119
Broadband service - report - broadband deployment board - broadband administrative fund - creation - rules - legislative declaration - definitions - repeal 24‑37.5‑120
Technology risk prevention and response fund - creation - definitions 24‑37.5‑121
Digital access to government services - strategic plan - reporting - legislative declaration - definitions 24‑37.5‑122
Study of personally identifiable information - authority of chief information officer - report to joint technology committee - definitions - repeal 24‑37.5‑123
Colorado operations resource engine upgrade and continuous improvement project - reporting 24‑37.5‑401
Legislative declaration 24‑37.5‑403
Chief information security officer - duties and responsibilities 24‑37.5‑404
Public agencies - information security plans 24‑37.5‑404.5
Institutions of higher education - information security plans 24‑37.5‑404.7
General assembly - information security plans 24‑37.5‑405
Security incidents - authority of chief information security officer 24‑37.5‑701
Legislative declaration - intent 24‑37.5‑702
Government data advisory board - created - duties - definition 24‑37.5‑703
Interdepartmental data protocol - contents 24‑37.5‑704
Data-sharing - authorization 24‑37.5‑801
Information technology asset inventory - refresh cycle schedule - report 24‑37.5‑802
Information technology budget requests - working group - report 24‑37.5‑901
Legislative declaration 24‑37.5‑902
Definitions 24‑37.5‑903
Colorado broadband office - creation - responsibilities - gifts, grants, or donations 24‑37.5‑904
Digital inclusion grant program - income-eligible household reimbursement program - creation - award criteria - digital inclusion grant program fund - definition - reporting - repeal
Green check means up to date. Up to date

Current through Fall 2024

§ 24-37.5-703’s source at colorado​.gov