C.R.S. Section 24-37.5-703
Interdepartmental data protocol

  • contents


The chief information officer, or the chief information officer’s designee, in coordination with the government data advisory board, must publish on or before November 1, 2022, an interoperability data framework and protocol aimed at promoting interoperability of data models across state agencies, with the goal of minimizing duplication of records, enhancing security, and increasing the state’s capability to monitor and audit data-sharing transactions. At a minimum, the interoperability data framework shall:


Include the protocol and procedures to be used by state agencies in data management; and


Be designed to ensure that data collected by different state agencies can be matched and discrepancies in the data processing are reconciled to accurately identify data pertaining to the same record without allowing any permanent sharing of personal identifying information.


The protocol and procedures included in the interdepartmental data protocol by which state agencies may share data and by which a state agency may release data to a political subdivision or to a nongovernmental organization shall prioritize and coordinate data management and protection efforts across state agencies to maximize the privacy and protection of all data and to reduce the risk of public exposure of private or protected data. This includes but is not limited to:


Defining processes for managing data throughout the data management lifecycle;


Establishing the circumstances under which and the reasons that a state agency may share information with another state agency, a political subdivision, or a nongovernmental organization;


Ensuring compliance with all state and federal laws and regulations concerning the privacy of information, including but not limited to the federal “Family Educational Rights and Privacy Act of 1974”, 20 U.S.C. sec. 1232g, and the federal “Health Insurance Portability and Accountability Act of 1996”, 42 U.S.C. sec. 1320d to 1320d-9; and


Establishing a protocol that secures all personal identifying information collected and developing standards to minimize the collection of personal identifying information.


Notwithstanding any provision of this section, the interdepartmental data protocol shall not prohibit the release or sharing of data as required by federal or state laws including, but not limited to, the “Colorado Open Records Act”, part 2 of article 72 of this title 24 or as required to comply with a court-issued subpoena, warrant, or order. In addition, the interdepartmental data protocol is not intended to prevent the sharing of data as permitted by existing contracts or agreements entered into by state agencies that comply with all applicable laws. Any sharing of data with nongovernmental organizations or individuals that is permitted, but not required, by state or federal laws, must be subject to a written agreement containing sufficient terms to protect against any unauthorized or unlawful access or release of any personal identifying information or to protect the confidentiality of nonpublic information that may be shared with such parties.

Source: Section 24-37.5-703 — Interdepartmental data protocol - contents, https://leg.­colorado.­gov/sites/default/files/images/olls/crs2023-title-24.­pdf (accessed Oct. 20, 2023).

Legislative declaration - findings
Office of information technology - creation - information technology revolving fund - geographic information system coordination
Office - roles - responsibilities - state search interface - rules - legislative declaration - definitions
State agencies - information technology - responsibilities
Delegation of authority
Chief information officer - duties and responsibilities
Communications and stakeholder management plan
Use of technology to interact with citizens - working group - strategic plan
Change of references - director to revisor of statutes
Broadband service - report - broadband deployment board - broadband administrative fund - creation - rules - legislative declaration - definitions - repeal
Technology risk prevention and response fund - creation - definitions
Digital access to government services - strategic plan - reporting - legislative declaration - definitions
Study of personally identifiable information - authority of chief information officer - report to joint technology committee - definitions - repeal
Colorado operations resource engine upgrade and continuous improvement project - reporting
Legislative declaration
Chief information security officer - duties and responsibilities
Public agencies - information security plans
Institutions of higher education - information security plans
General assembly - information security plans
Security incidents - authority of chief information security officer
Legislative declaration - intent
Government data advisory board - created - duties - definition
Interdepartmental data protocol - contents
Data-sharing - authorization
Information technology asset inventory - refresh cycle schedule - report
Information technology budget requests - working group - report
Legislative declaration
Colorado broadband office - creation - responsibilities - gifts, grants, or donations
Digital inclusion grant program - income-eligible household reimbursement program - creation - award criteria - digital inclusion grant program fund - definition - reporting - repeal
Green check means up to date. Up to date

Current through Fall 2024

§ 24-37.5-703’s source at colorado​.gov