Data Governance Toolkit: Data Security and Access

DG toolkit icon

Data security and access is making sure that data are protected from unauthorized access and defining who may access the data. To protect and safeguard Part C and Part B 619 data, programs should develop and implement policies that address how these data are secured (i.e., making sure that data are protected from unauthorized access) and who may access the data. These policies guard data from loss, corruption, breach, and other compromises such as unintended access. This section contains topical information, a packet with a considerations worksheet and a policy template, and an option to request technical assistance.

Policies supporting data security outline the purpose and requirements of data protection and the roles and responsibilities needed to maintain secure Part C and Part B 619 data. Data security encompasses the technical processes and actions associated with preserving data existence and integrity.

Policies supporting data access establish processes for managing access to Part C and Part B 619 data. These are the technical approaches to limiting data access, including differentiated access, to all those with a legitimate need for the data—in some cases other data systems—based on agency, role, established agreements, and the like. Policies should describe procedures in detail and, where applicable, refer to federal and state laws and regulations.