- III. Operational Planning Elements
The Unified or Combined State Plan must include an Operational Planning Elements section that supports the State’s strategy and the system-wide vision described in Section II(c) above. Unless otherwise noted, all Operational Planning Elements apply to Combined State Plan partner programs included in the plan as well as to core programs. This section must include—
III. b. 6. D. Privacy Safeguards
Describe the privacy safeguards incorporated in the State’s workforce development system, including safeguards required by section 444 of the General Education Provisions Act (20 U.S.C. 1232g) and other applicable Federal laws.
Data collection and data analysis for decision-making and planning for Alabama’s workforce development and education programs shall conform to privacy safeguards established in state and federal law. Each workforce development agency has policies and procedures for safeguarding data and participants’ privacy.
The Title I administrator for Adult, Youth, and Dislocated Worker programs, the Alabama Department of Commerce, issued Governor’s Workforce Innovation Directive No. PY2018-01 on July 20, 2018, which outlined the policy for protecting Personally Identifiable Information (PII) for state, local area, and subgrantee level WIOA programs. This policy is in line with Training and Employment Guidance Letter (TEGL) No. 39-11. Some of the actions taken to safeguard privacy include storing data in a locked and physically safe place, managing secure data systems, and disposing of information in a safe manner such as shredding. Data is compiled for reporting and analysis using methods that remove information that may identify the person.
Title I, Title III, Trade Act and JVSG programs also share a common case management and data information system, Alabama Works, which has imbedded privacy safeguards. This includes protections built into system by the vendor, Geographic Solutions, such as encryption and providing appropriate permissions for viewing data by staff and the public.
Alabama’s Community College System, as the State’s Title II Adult Education and Family Literacy Act program has it's own database and student management system which is housed and operated by the Alabama Supercomputer Authority. The system has updated all major security requirements and follows all state and federal guidelines, as required by the U.S. Department of Education, for retaining all student data/records in the utmost confidential manner. Examples of safeguards and protocols include authorized user agreements and adherence to password requirements as defined in NIST Special Publication 800-63B, section 5.1.1 on memorized secrets, storage of data in a Tier 4 Data Center with 24/7/365 monitoring and limited access control, limiting system access to HTTPS encrypted traffic, and use of a role and permission based access control system that gives granular control over the users allowed to view and modify data, including limiting who can view PII.
Alabama’s Department of Rehabilitation Services, as the State’s Title IV program, maintains its own Case Management System housed internally on ADRS owned IT infrastructure. ADRS IT staff secure all data in compliance with ADRS policy/procedures, Alabama’s Office of Information Technology policy/procedures, and federal guidelines prescribed by the Rehabilitation Services Administration.
In the TANF Program confidentiality of program participant information (including information entered into a computer system) is assured by both federal (45CFR 205.50) and state law (Code of Alabama Title 38, Section 38-2-6 and Title 13, Section 13A-8-103) and serves the purpose of protecting the program participant from economic and/or political exploitations. Regulations, state and federal laws do allow for the release of information to those agencies having a legitimate interest in the welfare of the program participant and the integrity of the program.
Other partner agencies have developed their own policies in line with federal laws and regulations such as section 444 of the General Education Provisions Act (20 U.S.C. 1232g). Each agency follows their established policies to ensure privacy.