307.13—Security and confidentiality for computerized support enforcement systems in operation after October 1, 1997.

The State IV-D agency shall:
(a) Information integrity and security. Have safeguards on the integrity, accuracy, completeness of, access to, and use of data in the computerized support enforcement system. These safeguards shall include written policies concerning access to data by IV-D agency personnel, and the sharing of data with other persons to:
(1) Permit access to and use of data to the extent necessary to carry out the State IV-D program under this chapter; and
(2) Specify the data which may be used for particular IV-D program purposes, and the personnel permitted access to such data; and
(3) Permit access to and use of data for purposes of exchanging information with State agencies administering programs under titles IV-A and XIX of the Act to the extent necessary to carry out State agency responsibilities under such programs in accordance with section 454A(f)(3) of the Act.
(b) Monitoring of access. Monitor routine access to and use of the computerized support enforcement system through methods such as audit trails and feedback mechanisms to guard against, and promptly identify unauthorized access or use;
(c) Training and information. Have procedures to ensure that all personnel, including State and local staff and contractors, who may have access to or be required to use confidential program data in the computerized support enforcement system are:
(1) Informed of applicable requirements and penalties, including those in section 6103 of the Internal Revenue Service Code and section 453 of the Act; and
(2) Adequately trained in security procedures; and
(d) Penalties. Have administrative penalties, including dismissal from employment, for unauthorized access to, disclosure or use of confidential information.
[63 FR 44816, Aug. 21, 1998]

Code of Federal Regulations

Effective Date Note: At 73 FR 56445, Sept. 26, 2008, § 307.13 was amended by revising paragraph (a), effective Mar. 23, 2009. At 74 FR 23798, May 21, 2009, the effective date was delayed until Dec. 30, 2010. For the convenience of the user, the revised text is set forth as follows:
Code of Federal Regulations 307
§ 307.13 Security and confidentiality for computerized support enforcement systems in operation after October 1, 1997. (a) Information integrity and security. Have safeguards protecting the integrity, accuracy, completeness of, access to, and use of data in the computerized support enforcement system. These safeguards shall include written policies concerning access to data by IV-D agency personnel, and the sharing of data with other persons to: (1) Permit access to and use of data to the extent necessary to carry out the State IV-D program under this chapter; (2) Specify the data which may be used for particular IV-D program purposes, and the personnel permitted access to such data; (3) Permit exchanging information with State and Tribal agencies administering programs under titles IV, XIX, and XXI of the Act, to the extent necessary to carry out those State and Tribal agency responsibilities under such programs in accordance with section 454A(f)(3) of the Act, and to the extent that it does not interfere with IV-D program meeting its own obligations. (4) Prohibit the disclosure of NDNH, FCR, financial institution, and IRS information outside the IV-D program except that: (i) IRS information is restricted as specified in the Internal Revenue Code; (ii) Independently verified information other than financial institution information may be released to authorized persons; (iii) NDNH and FCR information may be disclosed without independent verification to IV-B and IV-E agencies for the purposes of establishing parentage or establishing parental rights with respect to a child; and (iv) NDNH and FCR information may be disclosed without independent verification to IV-A agencies for the purpose of assisting States to carry out their responsibilities of administering the Title IV-A programs.