The meeting of the Colorado Task Force on Information Technology ("Task Force") was called to order by Donetta Davidson, Colorado Secretary of State, at 2:00 p.m. on July 31, 2001 at the offices of McKenna & Cuneo, L.L.P., Denver, Colorado.
Present were Chairman of the Task Force, Ms. Donetta Davidson, Colorado Secretary of State, David Baker, William Mitchell, Rick O’Donnell, Spencer Guthrie, Kathryn Krause, and Representative Matt Smith. Also present was Dana Williams, Administrative Assistant to Ms. Davidson and I. Thomas Bieging, counsel to the Privacy Task Force. The meeting was recorded by tape.
Ms. Davidson opened the meeting and requested approval of the Minutes of the Meeting of June 26, 2001. Upon motion duly seconded and carried, the Minutes of the Meeting of June 26, 2001 were approved as prepared.
Ms. Davidson opened the meeting for discussion with Task Force members regarding the drafting of the Task Force’s report to the legislature. During the course of the discussion, Task Force members made numerous points to be considered in the context of the Task Force’s drafting of its report. These points included:
A recognition that recommendations necessarily require a balancing between open records and those records which, because of their content, may be deemed to contain private information. Implicit in this balancing act is the recognition that governmental entities labor under a higher level of duty to disclose than does the private sector or individuals.
Estimates by various entities indicate that in five years approximately 70% to 80% of information stored will be in electronic format with no hard copy regularly available.
The Task Force continues to recognize the various laws and regulations which impact the protection of private information, both at the state and federal levels. At the state level, the Task Force must acknowledge the implications of the State’s Open Records Law and the state’s recognition of the tort of invasion of privacy. At the federal level, such statutes and regulations relating to HIPPA, Gramm-Leach-Bliley, and the Children’s On-line Privacy Protection Act, along with the work of the Federal Trade Commission all provide background for the Task Force’s activities.
The Task Force should consider whether the state should establish a full-time Data Practices Task Force for state offices and agencies, along with the methodology for a continuing data practices audit of state activities.
The Task Force should also give consideration to prioritizing its recommendations to the legislature. Prioritization is necessary in light of the wide range of possible activities and potentially limited resources that the state may have to address those activities.
The Task Force recommendations may also include comment regarding criminal laws which the state may consider.
The Task Force should also consider whether its recommendations will extend to legislation, regulation or policy. Discussion was had regarding whether the Task Force should get to such detail or rather, provide its input to the legislative and executive branch so that those branches of the state government could determine the appropriate vehicle to accomplish the recommendations.
The Task Force should consider whether safe harbor legislation would be of benefit to the state’s business and how that legislation may be enforceable. Anecdotal information was provided that such safe harbor legislation has been effective in the European Community in dealing with data issues.
At the conclusion of this discussion, the Task Force charged Mr. Bieging with developing a draft outline of the report capturing information that has been compiled over the several Task Force meetings. The Task Force will review that outline as a starting point in developing the final report to the legislature.
After Mr. Huffine’s presentation, Ms. Davidson called upon Natalie Hanlon-Leh of Faegre & Benson, LLP, to discuss issues relating to privacy policies and audits for state agencies. Ms. Hanlon-Leh provided to the Task Force two memoranda: Putting It All Together: Privacy Policies and Audit for State Agencies, and Summary of Colorado Open Records Act and Relevant Exceptions. Ms. Hanlon-Leh discussed privacy policies including the relevant components to such a policy and the manner in which to monitor compliance with such policies.
At the conclusion of the presentations the Task Force scheduled its next meeting for 2:00 p.m. on August 28, 2001 at the law offices of McKenna & Cuneo, L.L.P.
There being no further business to come before the Task Force, the meeting was adjourned at 5:30 p.m.