Title
Information Technologies Department recommending the Board approve and establish:
1) Board Policy A-12 - DMV Data Access Policy; and,
2) Board Policy A-14 - Incident Response Policy.
FUNDING: N/A
Body
DISCUSSION / BACKGROUND
Board Policy A-12 - DMV Data Access Policy establishes the requirements for employees and departments with State of California Department of Motor Vehicle (DMV) access and defines the responsibilities for the Information Technology (IT) Department and County departments with DMV access. Departments with DMV access are required to follow the State of California data sharing and use forms and comply with the DMV's Information Security Agreement to access DMV data. This policy sets the expectations for managing risk and protections for DMV access.
Board Policy A-14 - Incident Response Policy defines the response process for potential or actual breach of privacy and confidentiality of protected information. The Policy mandates the reporting of any suspected theft, breach, or exposure of El Dorado County Protected Data and explains the procedure for reporting and responding to incidents. Policy A-14 references the IT Department's Incident Response Plan, which is an internal procedural document used by the IT Security Team to prepare for, detect, analyze, contain, eradicate, recover, and report on security incidents.
Draft Policy A-12 and draft Policy A-14 have been previously reviewed and approved by the Information Technology Steering Committee and County Counsel.
ALTERNATIVES
The Board could disprove or request changes to either Policy A-12 or Policy A-14.
PRIOR BOARD ACTION
N/A
OTHER DEPARTMENT / AGENCY INVOLVEMENT
The policies were distributed to all departments for input and discussed at the Information Technology Steering Committee. County Counsel has reviewed and approved the policies.
CAO RECOMMENDATION / COMMENTS
Approve as recommended.
FINANCIAL IMPACT
There is no financial impact as a result of these policies.
CLERK OF THE BOARD FOLLOW UP ACTIONS
Update the Board Policy Manual to include Policy A-12 and Policy A-14.
STRATEGIC PLAN COMPONENT
Good Governance
CONTACT
Tonya Digiorno, Director of Information Technologies