Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I collect third-party data from participants in Mississippi? What are the requirements?

Requirements for Collecting Third-Party Data in Mississippi

Based on the information provided in the context documents, it appears that you can collect third-party data from participants in Mississippi, but there are specific requirements that must be followed.

  1. Designate a Data Manager: All governmental entities contributing data to LifeTracks shall designate a data manager to serve as the primary point of contact for all LifeTracks activities at the beginning of each state fiscal year and communicate this in writing to the SLDS Governing Board Chair and the designated third-party contractor. [2.2]
  2. Execute Memorandums of Understanding (MOUs): Memorandums of understanding (MOUs) shall be executed between the governmental entity providing data and the third-party contractor to ensure the safety, quality, and integrity of data in accordance with state and federal law. [2.2]
  3. Transfer Data Securely: Data shall be transferred from individual governmental entities contributing data to LifeTracks via an SLDS Governing Board approved secure file transfer solution chosen by the third-party contractor. The selected managed file transfer solution shall employ industry standard file transfer encryption and include the ability to assign private destination folders to each data exchange partner that shall be locked down with and credentialed to individual source users such that only they can see their own folder. All data received by LifeTracks shall be transferred to a secure work area that is only accessible to authorized staff. [2.2]
  4. Verify Data Inventory and Validate Data: Upon receipt of data, the third-party contractor shall verify the list of data elements received from data contributors within ten (10) working days of receipt. Upon verification of the list of fields, tables, and relationships between tables by the data contributor, the data shall undergo the complete LifeTracks data inventory process. Data validation shall be the primary responsibility of the third-party contractor and undertaken in accordance with SLDS Governing Board rules and regulations and the terms of applicable MOUs. [2.4]
  5. Ensure Privacy, Confidentiality, and Security of Data: The third-party contractor shall establish processes and procedures for incident reporting objectives, goals and deliverables identified in the ITS Enterprise Security Policy and ITS Enterprise Information Security Plan. All data transferred from individual governmental entities contributing data to LifeTracks to the third-party contractor shall be held in a secure file location that is accessible only by authorized third party contractor personnel. The permissions structure shall be designed to only allow authorized users to access files. The third-party contractor shall perform appropriate background checks and screening of all employees that have any access to the clearinghouse data. The third-party contractor shall employ technical safeguards to ensure personal information transmitted over an electronic communications network is not accessed by unauthorized persons or groups. Encryption shall be used when PII are in transmit or at rest. Unencrypted PII shall not be transmitted over public networks to third parties. The third-party contractor shall employ data integrity procedures that protect PII including mechanisms to authenticate records and corroborate that they have not been altered or destroyed in an unauthorized manner. The third-party contractor shall implement a risk assessment strategy plan that is updated annually which includes access and control processes, security risks, threats and vulnerabilities assessments, and methods for managing risks and incidents. The third-party contractor shall maintain and update the incident response plan that establishes procedures to follow in case a breach occurs and processes for notifying organizations in the event of unauthorized acquisition of files or documents. [2.5]

Third-Party Information

In Mississippi, third-party information is subject to certain rules and regulations. For instance, upon request to inspect or copy any third-party document, the SLDS Governing Board shall notify the third party who filed the document. Seven (7) working days after such notice, the document will be made available for public inspection and/or copying unless the third party shall have either (i) obtained a court order protecting such records as confidential pursuant to Section 25-61-9, Miss. Code of 1972 or (ii) furnished the SLDS Governing Board a copy of the filed petition for a protective court order, providing the petition was timely filed upon the third party’s receipt of notification from the SLDS Governing Board regarding the request for information. The third party must prove to the court’s satisfaction that the record or portion of the records is exempt from disclosure and must deliver the court order preventing the release of all or part of the information to the SLDS Governing Board prior to the deadline to prevent disclosure of the information. The third party must name the requestor as a party to any action to enjoin disclosure. [2.1]

Limitation on Data Required to be Submitted by Broadband Service Providers

In accordance with Section 4(2)(d) of the BEAM Act, a broadband service provider shall in no instance be required to provide any data beyond that which it is required to provide to the Federal Communications Commission pursuant to 47 U.S.C. § 641 et seq. [5.1]

Conclusion

In summary, you can collect third-party data from participants in Mississippi, but you must follow the requirements outlined above. It is important to note that these requirements are subject to change and you should consult with legal counsel to ensure compliance with all applicable laws and regulations. Additionally, third-party information is subject to certain rules and regulations, and broadband service providers have limitations on the data they are required to submit.

Source(s):
Jurisdiction

Mississippi