Located in:
- III. Operational Planning Elements
The Unified or Combined State Plan must include an Operational Planning Elements section that supports the State’s strategy and the system-wide vision described in Section II(c) above. Unless otherwise noted, all Operational Planning Elements apply to Combined State Plan partner programs included in the plan as well as to core programs. This section must include—
- b. State Operating Systems and Policies
The Unified or Combined State Plan must include a description of the State operating systems and policies that will support the implementation of the State strategy described in section II Strategic Elements. This includes—
- b. State Operating Systems and Policies
III. b. 6. D. Privacy Safeguards
Describe the privacy safeguards incorporated in the State’s workforce development system, including safeguards required by section 444 of the General Education Provisions Act (20 U.S.C. 1232g) and other applicable Federal laws.
Current Narrative:
California maintains strict adherence to all federal confidentiality requirements, including those related to sharing student data under the Family Educational Rights and Privacy Act (FERPA) and sharing wage data under the Federal Unemployment Tax Act (FUTA).
FERPA
The FERPA protects the privacy of student education records and applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Generally, schools must have written permission from the parent in order to release any information from a student's education record. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
When conducting data driven evaluations of the workforce and education systems, California utilizes the legal exemption that allows for disclosure of personally identifiable information when it’s to an authorized representative of a state educational authority for the purpose of audit or evaluation of federal or state education programs.
FUTA
Under FUTA, information obtained in the administration of a state’s UI law, such as employer, claim, and wage information, is not subject to public disclosure, with some exceptions. These exceptions include, but are not limited to, information in the public domain, appeals records, appeals decisions, and precedential determinations on the coverage of employers, employment, and wages.
California law states information obtained in the administration of the CUIC must remain confidential and is not open to public disclosure, unless there is a statutory exception in state law. Most of the exceptions are listed under CUIC Section 1095 and have been narrowly crafted to ensure confidential information is made available only when a strong justification has been demonstrated. Local Boards and WIOA core program partner agencies are listed as a formal exception under CUIC Section 1095 and therefore have ongoing access to base wage file data for their participants in order to monitor the performance outcomes required under WIOA Section 116.
CAAL-Skills
Since the CAAL-Skills project involves data from multiple government partners, along with crafting data sharing agreements that adhere to all federal and state confidentially law, additional privacy measures were put in place to protect participant data. This includes, but is not limited to, the following:
- Data is personally transferred between partner locations on a password protected USB drive with a 256 bit encryption.
- While at the CWDB, physical security is provided via a controlled access to the server that is locked in place through the use of a security cable.
- CAAL-Skills is located within its own environment, where the data is encrypted and not connected to an outside network.
- Those with access to the sections of CAAL-Skills that contain personally identifiable information do so through the use of privacy screens on their computers and have gone through a series of background checks, have signed confidentiality agreements and are required to complete annual information security and privacy training.