Minutes of Meeting on June 26, 2001
(As approved by Board)
The meeting of the Colorado Task Force on Information Technology ("Task Force") was called to order by Donetta Davidson, Colorado Secretary of State, at 2:20 p.m. on June 26, 2001 at the law offices of McKenna & Cuneo, L.L.P., Denver, Colorado.
Present were Chairman of the Task Force, Ms. Donetta Davidson, Colorado Secretary of State, Bill Mitchell, Joe Dickerson, Jim Ginsburg, David Baker, Senator Ken Gordon, and Representative Matt Smith. Also present was Dana Jaclyn Williams, Administrative Assistant to Ms. Davidson. The meeting was recorded by tape.
Ms. Davidson opened the meeting and requested approval of the Minutes of the Meeting of May 21, 2001. Upon motion duly seconded and carried, the Minutes of the Meeting of May 21, 2001 were approved as prepared.
Ms. Davidson then opened the meeting for discussion to have the Task Force members make recommendations regarding information that should be included in the draft of the report.
Senator Ken Gordon started the discussion. Gordon stated that he does not think it is possible to regulate the Internet with Colorado Legislation and suggested that the Task Force look at the information that has been gathered from State Agencies to make sure that we are doing everything possible to protect the privacy of Colorado citizens. Specifically he mentioned information that can be obtained through DMV, Voter Registration, and Workman’s Compensation records.
Joe Dickerson represents the Investigation Industry. Mr. Dickerson stated that he is working to get investigators in Colorado licensed. Currently, Colorado is one of eight states that do not license investigators. The trend that Mr. Dickerson is seeing through National Associations and Regulatory Agencies for his industry is that many states that are concerned with privacy issues are limiting access to information. His concern is that the laws that are currently being passed seem to be allowing information to be released to law enforcement and licensed private investigators. He wants to try to ensure that whatever information is controlled does not fall into the wrong hands. Primarily he would like investigators to be able to access private information, however, individuals that have access to such information must be held accountable for how private information from state agencies is used. Mr. Dickerson also believes the Internet cannot be regulated.
Bill Mitchell agreed with Senator Ken Gordon that the Internet was too large of an issue to regulate with the scope of the current Task Force. In addition, he added that other commercial interests might be too big of an issue to make beneficial recommendations in the next 3 to 4 months. His preference is to look at the private information made available to state governmental agencies and make suggestions and recommendations regarding private information.
Jim Ginsburg agreed with the other Task Force regarding regulation of the Internet. He found the exercise from the March 30, 2001 meeting beneficial as a way to look examine information collected and disseminated by state agencies. He wanted to make sure that any recommendations regarding information would be consistent among all Colorado agencies. He said regulating commerce on the Internet and protecting people’s privacy was too delicate of a balance, and therefore regulating state agencies was where the Task Force can have an impact in protecting the citizens of Colorado.
Dave Baker reported back to the Task Force Members regarding the privacy notices that his financial institution sent out in their last mailing. Over one half million (approximately 600,000) notices were sent out in mid April, 2000 and only 2,900 responses were received. The response rate was less than half of one percent. He concurred with the other members regarding regulation of the Internet. He said that the regulation of state agencies should require them to be consistent with their explanations to the public regarding how and why information is collected, stored, transferred, and disseminated. Baker added that after the public is informed they are certainly welcome to take their disagreements regarding the use of their information through proper legislative channels to make suggestions and recommendations about how private information should be used. Then legislation could be done at the state level if there was abuse in the general public’s mind.
Ms. Davidson added that when government agencies move ahead to provide better government to its citizens sometimes you have to think about what the ramifications are. She specifically mentioned services provided via the Internet.
Ms. Davidson and Senator Gordon discussed the lack of a statewide policy for the different state agencies. Ms. Davidson suggested that the Task Force should look into finding a consensus about a way to tell the public openly and honestly what information is collected and how and why it is used. In addition, they would like the Task Force to set a minimum standard regarding privacy statements and how they protect the privacy of their customers. Other considerations from this discussion included:
- Following up on the state agency assessments to find similarities and practices in order to create a standard regarding private information that is favorable to all agencies.
- There is currently no standard on how much an agency can charge to receive or provide information. The availability of information for most government agencies is a revenue issue. (Information can only be available from the fees of the users.)
- Resistance to state agencies for selling information to the public for revenue and funding purposes.
- The state’s authority to make a recommendation in the law regarding who can or cannot sell private records as well as who has access to certain types of information.
Senator Gordon suggested that the Task Force develop some principals about obtaining only information required for the purpose of certain business practices as well as only distributing information to groups or individuals that are directly involved with that information.
Mr. Baker addressed Senator Gordon on the use of Social Security Numbers for banks. Mr. Baker explained that the use of the Social Security Numbers is critical to banks because they are unique identifying numbers.
In response to Senator Gordon’s question about how to proceed Ms. Davidson suggested finding a middle ground for all industries. It was her recommendation that groups have a privacy statement that explains to the public how information is used and how it is regulated. She emphasized that it was important that the public understand how government agencies are using information. In addition, statements should not only include what information is collected but also why information is being used for a specific reason to conduct business.
Ms. Davidson recommended after the report has been submitted to the Legislature that the Task Force continues their efforts to educate the public with regional meetings about privacy issues and policies. Mr. Bieging will begin writing the report to include HIPA and GLB while the Task Force continues to make more detailed decisions. The report may include information on what beneficial privacy statements, policies and practices should include.
It was requested that all state agencies submit privacy policies and statements. This data should be accumulated before the next meeting. The next session will include discussion of a model of principals to be included in privacy statements for state government agencies. Upon motion duly seconded and carried, the request for privacy policies and statements from all Colorado State Departments and Agencies was passed.
Ms. Davidson also wanted to ask the state agencies their policies regarding credit card procedures.
Ms. Davidson then indicated that the program for the July 31, 2001, meeting will include discussion of the examples of Internet privacy statements from state agencies. Summaries regarding private information disclosure, collection, storage, and transfer from state agencies will also be made available to the Task Force members at the next meeting.
The Task Force next scheduled meeting will be at 2:00 p.m. on July 31, 2001 at the law offices of McKenna and Cuneo located at 370 17th Street, Denver, CO, 80202. Natalie Hanlon Leh from Faegre & Benson is scheduled to do a 20 to 30 minute presentation on model Privacy Statement and Policies.
There being no further business to come before the Task Force, the meeting was adjourned at 4:00 p.m.