|Jane Swift, Acting Governor
|Executive Order 504
Table of Contents
WHEREAS, state government agencies in the course of discharging their duties may be required to collect, review, store and disseminate personal information that identifies and relates to individuals; and
WHEREAS, the people of Massachusetts have a right to expect that personal information relating to them is used only for the purposes necessary and intended by the agency, is securely stored, and is disseminated no more widely than necessary; and
WHEREAS, the capability to transmit and access personal information has greatly increased with the development of information technology and therefore the potential for improper dissemination of such information has also greatly increased; and
WHEREAS, it is prudent to ensure that procedures within state government agencies to protect the security of personal information and to limit the collection and dissemination of personal information have kept pace with these technological advances; and
NOW THEREFORE, I, Jane Swift, Acting Governor of the Commonwealth of Massachusetts, by virtue of the authority vested in me as Supreme Executive Magistrate, do hereby order as follows:
- Each secretariat, office, agency, department, board, commission, or other body within the Executive Department (hereinafter "agency") shall promptly undertake a review of its practices for the collection, storage and dissemination of information that relates to and identifies individuals.
- As part of said review, each agency shall determine the minimum quantity of personal information necessary to perform its functions.
- Each agency shall, as necessary, amend its practices for the collection of personal information to ensure that only the minimum quantity of personal information necessary for the agency to perform its functions is collected. Each agency shall also review the security of personal information it has in its possession and develop procedures to ensure that personal information is not improperly disseminated or accessed. Finally, each agency. shall, as necessary, amend its practices for the dissemination of personal information to ensure that only those data necessary to the function of the agency, or to the function of the receiving entity, are disseminated.
- Each agency shall certify to the Executive Office for Administration and Finance by November 1, 1999, that it has examined and, as necessary, amended its data collection practices so as to limit the collection and dissemination of personal information to minimum levels necessary for the functions of the agency and that it has taken necessary steps to ensure the security and confidentiality of personal information in its possession.
- Each agency shall develop and post a policy regarding employee expectations of privacy, especially as those expectations relate to use of agency equipment such as telephones and computers.
- Independent authorities are encouraged to comply with this Executive Order.
Given at the Executive Chamber in Boston this 23rd day of June, one thousand nine hundred and ninety-nine.
William Francis Galvin
Secretary of the Commonwealth