Home Table of Contents

§ 31-107. Queries

West's Annotated Code of MarylandLocal GovernmentEffective: June 1, 2022

West's Annotated Code of Maryland
Local Government (Refs & Annos)
Division V. Other Local Entities [Titles 24-32] (Refs & Annos)
Title 31. Baltimore City Youth Data Hub (Refs & Annos)
Effective: June 1, 2022
MD Code, Local Government, § 31-107
§ 31-107. Queries
Currentness
Review of queries by providers; queries for non-providers
(a)(1) The manager shall promptly review any query requested by a provider.
(2) The manager may run queries for individuals or entities that are not providers.
In-depth review
(b) Before approving a query, the manager, with assistance from technical experts identified by the executive committee, shall conduct an in-depth review of the proposed query for consistency with authorized purposes, alignment with evidence-based standards for equitable, ethical, and methodologically appropriate inquiries, and assessment of the benefits for and impact on the greater Baltimore City community.
Confirmation that de-identified data could not be used to identify an individual
(c) Before providing any data in response to a query, the manager shall obtain written approval from any provider of data to confirm that there is no reasonable basis to believe that de-identified data provided in response to a query could be used by a data recipient to successfully link de-identified data to a particular individual, based on the size or uniqueness of the population under consideration in the query, or otherwise.
Security of data
(d) The manager shall ensure that the data management system and provided data are secure using security standards and protocols that address, at a minimum, data security and access, security incident and disaster recovery procedures, and recording and monitoring of system activity.
Safeguards
(e) The manager shall maintain appropriate administrative, physical, and technical safeguards that protect privacy, confidentiality, integrity, and availability of any data in compliance with the federal Family Educational Rights and Privacy Act and other relevant privacy laws and policies, including:
(1) the required use of de-identified data in data research and reporting;
(2) the required disposition of data that is no longer needed;
(3) providing data security, including the capacity for audit trails;
(4) providing for the performance of regular audits for compliance with data privacy and security standards; and
(5) implementing guidelines and policies that prevent the reporting of other potentially personally identifiable information.
Duties related to queries
(f) The manager shall ensure that a query of the data management system:
(1) results in disclosure of only aggregated de-identified data or aggregated de-identified data reports to a data recipient; and
(2) does not reveal personally identifiable information to a data recipient.
Technical assistance
(g) On request, the manager may provide technical assistance to data recipients regarding data received from the Baltimore City Youth Data Hub.
Prohibitions
(h)(1) The manager and any data recipients may not:
(i) attempt to re-identify de-identified data; or
(ii) disclose, release, or report data in any form that may result in the re-identification of de-identified data.
(2) This subsection may not be construed to interfere with a data recipient's continued use of or reliance on personally identifiable information provided to the Baltimore City Youth Data Hub.

Credits

Added by Acts 2022, c. 169, § 1, eff. June 1, 2022; Acts 2022, c. 170, § 1, eff. June 1, 2022.
MD Code, Local Government, § 31-107, MD LOCAL GOVT § 31-107
Current through legislation effective through April 25, 2024, from the 2024 Regular Session of the General Assembly. Some statute sections may be more current, see credits for details.
End of Document