Section 1347.05 - Duties of state and local agencies maintaining personal information systems.

Ohio Rev Code § 1347.05 (2019) (N/A)
Copy with citation
Copy as parenthetical citation

Every state or local agency that maintains a personal information system shall:

(A) Appoint one individual to be directly responsible for the system;

(B) Adopt and implement rules that provide for the operation of the system in accordance with the provisions of this chapter that, in the case of state agencies, apply to state agencies or, in the case of local agencies, apply to local agencies;

(C) Inform each of its employees who has any responsibility for the operation or maintenance of the system, or for the use of personal information maintained in the system, of the applicable provisions of this chapter and of all rules adopted in accordance with this section;

(D) Specify disciplinary measures to be applied to any employee who initiates or otherwise contributes to any disciplinary or other punitive action against any individual who brings to the attention of appropriate authorities, the press, or any member of the public, evidence of unauthorized use of information contained in the system;

(E) Inform a person who is asked to supply personal information for a system whether the person is legally required to, or may refuse to, supply the information;

(F) Develop procedures for purposes of monitoring the accuracy, relevance, timeliness, and completeness of the personal information in this system, and, in accordance with the procedures, maintain the personal information in the system with the accuracy, relevance, timeliness, and completeness that is necessary to assure fairness in any determination made with respect to a person on the basis of the information;

(G) Take reasonable precautions to protect personal information in the system from unauthorized modification, destruction, use, or disclosure;

(H) Collect, maintain, and use only personal information that is necessary and relevant to the functions that the agency is required or authorized to perform by statute, ordinance, code, or rule, and eliminate personal information from the system when it is no longer necessary and relevant to those functions.

Effective Date: 01-23-1981 .