Located in:
- III. Operational Planning Elements
The Unified or Combined State Plan must include an Operational Planning Elements section that supports the State’s strategy and the system-wide vision described in Section II(c) above. Unless otherwise noted, all Operational Planning Elements apply to Combined State Plan partner programs included in the plan as well as to core programs. This section must include—
- b. State Operating Systems and Policies
The Unified or Combined State Plan must include a description of the State operating systems and policies that will support the implementation of the State strategy described in section II Strategic Elements. This includes—
- b. State Operating Systems and Policies
III. b. 6. D. Privacy Safeguards
Describe the privacy safeguards incorporated in the State’s workforce development system, including safeguards required by section 444 of the General Education Provisions Act (20 U.S.C. 1232g) and other applicable Federal laws.
Current Narrative:
(D) Privacy Safeguards. Describe the privacy safeguards incorporated in the state’s workforce development system, including safeguards required by section 444 of the General Education Provisions Act (20 U.S.C. 1232g) and other applicable federal laws.
Privacy Safeguards
To protect PII, Maryland adheres to USDOL guidance provided in Training and Employment Guidance Letter 39-11, “Guidance on the Handling and Protection of PII.” MD Labor’s DWDAL issued a policy in spring 2019 on privacy and data protection, outlining the Division’s privacy safeguards. All programs under DWDAL must adhere to the policy.
Whenever possible, Maryland will continue to use unique identifiers for participant tracking instead of SSNs. While SSNs may initially be required for performance tracking purposes, staff may use a unique identifier to link each individual record back to the SSN. Once the SSN is entered for performance tracking, the unique identifier may be used in place of the SSN for tracking purposes. When SSNs are used for tracking purposes, Maryland requires its WIOA programs to store or display SSNs in a way that is not attributable to any particular individual. For Maryland’s WIOA programs using the MWE, the state subsequently uses alternative identifiers, such as state IDs, after SSNs have initially been supplied. When SSNs are used, this information is truncated and encrypted within the MWE. Only WIOA staff with selective privileges can access SSNs. To secure the System Internet communications within the MWE, a Secure Sockets Layer (SSL) is used to encrypt a session between the server and the web user. SSL is a program layer for managing the security of message transmissions in a network. The programming for maintaining data confidentiality is contained in a program layer between an application such as the System and the Internet’s Transmission Control Protocol / Internet Protocol (TCP/IP) layers. The “sockets” part of the term refers to the socket method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA. A digital certificate is an electronic "credit card" that establishes credentials when carrying out transactions on the web, and is issued by a certification authority. It contains a copy of the certificate holder’s public key, which is used for encrypting and decrypting messages and digital signatures, and the digital signature of the certificate-issuing authority. This is used so that a recipient can verify the certificate is real. The following data will always be encrypted when it is accessed by the MWE System:
- Social Security Number,
- Federal Employer Identifier Number,
- Wage Records,
- Identifying information (including LEP and disability status),
- Information relating to benefits and public assistance received, and
- User ID and Password.
The MWE system includes a set of permissions that determine the resources in the system that a specific user can access and/or modify. For example, some staff will be able to only view certain data while others will be able to view and modify this data. When MWE’s creator, Geographic Solutions, hosts the System, the data is secured behind the advanced firewall. In addition, MD Labor’s current policy on PII recommends that SSNs are obtained for performance and reporting purposes, but it also states that SSNs are not required for services to be provided. Because SSNs are important for tracking outcomes, staff should seek SSNs, and in doing so, should communicate the following to customers:
- You are not required to provide us with your SSN. Your receipt of services will not be affected by disclosure or nondisclosure of your SSN or any other information that is voluntarily requested.
- SSNs are used to facilitate efficient recordkeeping, integrated service delivery, performance measurement, research, planning, and program evaluation.
- Your SSN will be kept confidential and is intended for use only by the program administrator and the federal government for reporting and evaluation.
Due to privacy concerns among Local Areas and MD Labor, Maryland formed a workgroup in 2016 to assess policy related to privacy and to work with the federal oversight agencies, like USDOL, to determine alternative methods of tracking that do not require staff to collect PII. The desired goal is to obtain accurate eligibility documentation while reducing paper case files. Utilization of a module within the MWE allows all eligibility information and supporting documentation to be scanned and uploaded to the MWE eliminating the need for a paper file.