Reporting Requirements: 11.4 Access to Records and Maintaining ConfidentialityExcept for confidential records, all documents required to be maintained by, or reasonably considered as pertinent to, the grant agreement must be available for viewing and/or examination by any citizen, pursuant to the requirements of the New Hampshire Right to Know Law. Additionally, the grantee must provide access to records by the federal and state agencies identified at the beginning of this chapter. This section also addresses requirements that confidential records be maintained securely.
11.4.1 Right to Know Law
The New Hampshire’s Right to Know Law establishes requirements for governmental or public records. These requirements are applicable to municipalities, regional planning commissions, and other entities established through intermunicipal agreements, as well as non-profit corporations that have a government entity as their sole member or non-profit corporations that are composed of units of government and carry out the work of government with public funds.
Any information created, accepted, or obtained by, or on behalf of any public agency in furtherance of its official function is considered a governmental or public record. Those governmental records must be made available for public inspection and copying upon reasonable request. Public entities must respond to requests within five business days. Certain records are exempt from disclosure, but New Hampshire courts generally assume everything is available to the public unless the governmental agency proves otherwise. The New Hampshire Attorney General’s Office published a comprehensive memorandum regarding the Right to Know Law. That memo provides guidance on what information can be classified as confidential and exempt from disclosure. See Attachment 11–2: Attorney General’s Office Memorandum on Right to Know Law.
Electronic and digital records also are defined and covered in the Right to Know Law. Electronic governmental records must be available in the same manner as records stored in public files if access to such records would not reveal work papers, personnel data, or other confidential information. These electronic records must be kept for the same length of time as a paper counterpart.
11.4.2 Confidential Records
Grantees are also responsible for maintaining confidential records, which includes but is not limited to:
- staff personnel files
- labor and civil rights complaints
- Personally Identifiable Information (PII)
The grantee must undertake appropriate steps to demonstrate that such information is secure within both its physical records and electronic files. Physical records of such confidential information are to reside in a locked file cabinet separate from other records accessible only to the Grant Administrator. If a grantee delegates responsibility to a consultant or sub-recipent for tasks which may yield confidential records, very specific controls must be established in the contract to assure that the contractor understands the responsibility for maintaining confidential records.
Guidance for securing PII has been developed by the U.S. Department of Commerce and provided to all federal agencies. These recommended standards to assure confidentiality of this information are outlined in the Guide To Protecting Personally Identifiable Information (PII). This document provides six steps to assist grantees in working with their IT staff or provider to assure protection of PII. See Attachment 11-3: Guide to Protecting Personally Identifiable Information (PII).