Laserfiche WebLink
36 Section IV: Duties Relating to Right of Subjects <br />• Does a Tennessen warning notice have to be given in writing? <br />The law does not require that the notice be given in writing. For practical and legal purposes, it <br />is best to give the notice in writing (or in another recorded format). Although there is no law that <br />requires an individual to sign an acknowledgment that s/he has received the notice, many entities <br />ask the data subject to sign and date a written notice, in which case a copy of a written notice <br />should be given to the data subject. <br />When information is collected over the phone, the notice should be provided orally. The entity <br />should record such details as whether the notice was given, the date given, and the identity of the <br />person giving the notice. If given orally, the subject also should be given the notice in writing, <br />as described above, as soon as practicable. <br />What authority does the entity have when it has given the notice? <br />Once the proper notice has been given, the entity may lawfully collect, store, use and disseminate <br />the data, as described in the notice. <br />What are the consequences of not giving the notice? <br />Data on individuals cannot legally be collected or stored if a proper Tennessen warning notice <br />was not given. The Commissioner of Administration has issued numerous advisory opinions on <br />this point. See, in particular, Opinions 95-028, 95-035, and 98-001. <br />Does this mean that the data never can be stored if a Tennessen warning notice was not <br />• given? <br />Not necessarily. Private or confidential data collected before August 1, 1975 (the effective date <br />of the Tennessen warning notice requirement), may be stored for the reasons the data were <br />collected. These data also may be stored for reasons of public health, safety or welfare, if the <br />entity obtains the approval of the Commissioner of Administration. <br />Actions when data are used or re/eased by the entity <br />What controls are placed on the use and dissemination of data on individuals? <br />Government entities may use and disseminate private or confidential data on individuals only if <br />necessary to administer or manage a program that is authorized by state law or local ordinance, <br />or mandated by the federal government. An entity may not use or disseminate any private or <br />confidential data on individuals without proper legal authority, either express or implied. <br />This limitation on use and dissemination does not apply to public data on individuals because <br />public data may be used or disseminated to anyone for any purpose. <br />What actions must an entity take before using or releasing private or confidential data on <br />individuals? <br />Each entity must identify its specific legal authority(ies) for using and disseminating private <br />and confidential data on individuals. The entity must use this information to comply with the <br />Tennessen warning notice requirements discussed above. <br />• <br />July, 2000 Model Policy: Access to Government Data & Rights of Subjects Data <br />