7 CFR § 272.1(c)(1) and (2) and (d)


SNAP case information is confidential under Federal and State law.  Use or release of information from SNAP case records is limited to approved individuals, who must adequately protect the information against unauthorized disclosure.


Confidentiality policy is provided through the form W-0016RR, Rights and Responsibilities, and the W-1E, Application.  Ensure the EDG understands the policy for confidentiality, release of information, and penalties, before signing the application. 


Give the W-0016RR to applicants, recipients, other agencies, and whenever releasing information, to provide information about the rights, requirements and penalties when receiving confidential information.  


Administrative Disclosure

7 CFR § 272.1(c)(1)(i)-(viii) & & 7 CFR § 272.8(a)(1) & 7 CFR § 272.11(b)(2)(v) and (e) 


Information may be released to individuals directly connected with the administration of:

  • Child Support
  • Federal assistance programs,
  • Federally assisted State means-tested programs,
  • General assistance programs,
  • The National School Lunch Program for the purpose of approving eligibility of children for free meals based on their receipt of SNAP
  • Programs which are required to participate in the Income and Eligibility Verification System (IEVS)
  • Verification of immigration status through SAVE.
  • Any Local, State, or Federal law enforcement official, upon a written request, for the purpose of investigating an alleged violation of the SNAP program. The request must include:
    • the individual’s name;
    • violation being investigated; and
    • identity and authority of individual making the request.
  • Any Local, State, or Federal law enforcement official, upon a written request, for purpose of investigation of a felony crime or a probation or parole violation. Allowable information to provide is limited to the address, social security number and any available photograph of:
    • a SNAP recipient who is fleeing to avoid prosecution, custody, or confinement for a felony crime or a violation of parole or probation; or
    • an EDG member who has information about another EDG member who is under investigation for a felony crime or probation or parole violation.
  • Employees of the United States Comptroller General’s Office, upon written request, for audit purposes. 
  • Individuals directly connected with the administration or enforcement of the provisions or regulations of the Food and Nutrition Act of 2008, as amended.

EDG Access

7 CFR § 272.1(c)(3) 


SNAP EDG members may review materials contained in the case file during normal business hours, if a written request is received from:

  • a responsible member of the EDG,
  • a current A-Rep, or
  • any individual authorized to act on the EDG’s behalf. 


The EDG must provide written permission if the A-Rep or other individual making the request for information is not a member of the EDG. 

Exception:  Written permission is not required if the individual has legal authority to act on behalf of the EDG, and the case record contains verification of that authority.  Legal authority includes, but is not limited to,  conservators or power of attorney (POA).


Verify the individual’s identity before releasing the information.


Information from case records may be copied and provided to members.  The member may be charged for the cost of producing the information unless the information is for a fair hearing.


The agency may withhold confidential information such as: 

  • the names of individuals who disclosed information about the EDG without the EDG's knowledge, 
  • the nature or status of pending criminal prosecutions, or
  • medical information the agency determines could harm the EDG if released.

       Exception:  The agency will provide the information if: 

  • the EDG makes a written request for a qualified medical doctor’s review of the information, and 
  • the doctor determines the information should be released to the EDG.


The EDG can appeal to the Superior Court the agency’s decision not to release the information.  The appeal request must be made no later than 30 days from the agency’s decision. 

Public Access

7 CFR § 272.1(d)(1)-(2)


The public may access the following records:

  • Federal regulations and procedures (during office hours at FNS offices and DSS State office),
  • Connecticut SNAP manual (Hard copy - during office hours at FNS offices, DSS State and field offices. Online - at any time), 
  • State Corrective Action Plan (during office hours at FNS Offices and DSS State Office), and 
  • State Plan of Operation (during office hours at FNS Offices and DSS State Office).


Copies of the following items are available from FNS:

  • Federal procedures 
  • Plans of operation
  • Regulations 
  • State corrective action plans 
  • State manuals

Subpoena of Case Records

 7 CFR § 272.1(c)(1)-(2)


A court may subpoena the agency for a case record, or for a DSS employee to testify about an EDG.  If you receive a subpoena for SNAP case records, forward the subpoena to the DSS Privacy Officer.  The Privacy Officer determines whether DSS must comply, or if a legal objection will be filed.  During the hearing, advise the court of Federal and State laws and DSS policy that restricts providing information.  Provide the information if so ordered by the court.

Breaches of PHI or PII 

P.L. 104-191


Protected Health Information (PHI) and Personally Identifiable Information (PII) must be kept confidential. A breach is unauthorized use, obtaining, disclosing, accessing, or compromising of PHI or PII. 

Worker Process

CT Process


Immediately report a suspected or confirmed breach of PHI or PII to your manager.

Manager Process

CT Process


Within one day of a reported breach, the manager will complete form W-1701, Report of Breach of Unsecure PHI or PII, and fax or email the form to the DSS Privacy Officer or legal counsel.

Business Associate Process

CT Process


Business Associates (BA) will immediately report a suspected or confirmed breach by completing the W-1701, and emailing the form to the Privacy Officer at PrivacyOfficer.dss@ct.gov.  Additionally, the BA must complete form W-1702, Risk Assessment of Breach of PHI, and provide to the Privacy Officer no later than 30 days after the breach was discovered.

Privacy Officer Process

CT Process


Within one day of receipt of the W-1701, the Privacy Officer will determine whether a breach occurred.  If the Privacy Officer determines a breach has occurred, a risk assessment is completed to determine if notification is required.  If there is a high probability the information was compromised, the Privacy Officer or legal counsel will notify all affected individuals no later than 60 days after the breach was discovered.


Based on the risk assessment, the Privacy Officer makes recommendations to the Commissioner on whether notification is required.  The affected individual may be notified, at the Commissioner’s discretion, even if not required by HIPAA.


The Privacy Officer will send the manager or BA a W-1703, Breach Resolution form, notifying them of the disposition of the breach report. 


Last Update

Source #

Effective Date