Compliance - HB 648
Summary:
House Bill 648 is currently being fast tracked through the Ohio State Congress. The Bill will require State Agencies, including the University of Cincinnati, to adopt new rules for governing access to confidential personal information. House Bill 648 refers to confidential personal information as being any personal information that is not a public record. The new rules will create a civil action for harm resulting from an intentional violation of rules, impose a criminal penalty for such an intentional violation, and require agencies to track all access to databases holding confidential personal information.
House Bill 648 will force the University to monitor closely who has access to confidential personal information. Each employee and department that currently has access to confidential personal information will have to present a valid business reason for their access and go through mandatory training on new policies and procedures.
The university will be required to password protect and to log all access to systems containing confidential personal information. Each time an authorized employee accesses personal information they will be required to present a valid business reason. Invalid access will result in immediate termination, and an automatic misdemeanor conviction.
For compliance with House Bill 648 the University will be required to designate an employee to serve as the data privacy point of contact. This employee will work with the chief privacy officer within the office of information technology to ensure systems containing confidential personal information are properly protected. The data privacy point of contact will also be required to complete a privacy impact assessment form, developed by the Office of Information Technology, and post it on the University website by December 1st of each year.
The university's procedures and policies in accordance to the proposed bill will be open to review by the state auditor. The state auditor will ensure compliance, and may include citations or recommendations relating to the proposed bill.
Essentially, House bill 648 places more responsibility on the employees of state agencies, and provides citizens with greater assurance that their personal information is safe. House Bill 648 presents several big challenges to the University and other state agencies alike, but it seems to be a step in the right direction by the State of Ohio.
For more information
|
