Ohio Administrative Code
Title 109 - Attorney General
Chapter 109-4 - Accessing Confidential Personal Information
Section 109-4-05 - Restricting and logging access to confidential personal information in computerized personal information systems
Current through all regulations passed and filed through September 16, 2024
For personal information systems that are computer systems and contain confidential personal information, the office shall do the following:
(A) Access restrictions. Access to confidential personal information that is kept electronically shall require a password or other authentication measure.
(B) Acquisition of a new computer system. When the office acquires a new computer system that stores, manages or contains confidential personal information, the office shall include a mechanism for recording specific access by employees of the office to confidential personal information in the system.
(C) Upgrading existing computer systems. When the office modifies an existing computer system that stores, manages or contains confidential personal information, the office shall make a determination whether the modification constitutes an upgrade. Any upgrades to a computer system shall include a mechanism for recording specific access by employees of the office to confidential personal information in the system.
(D) Logging requirements regarding confidential personal information in existing computer systems.
(E) Log management. The office shall issue a policy that specifies the following:
Nothing in this rule limits the office from requiring logging in any circumstances that it deems necessary.
Five Year Review (FYR) Dates:
02/01/2016 and
02/01/2021
Promulgated
Under: 119.03
Statutory
Authority: 1347.15(B)
Rule Amplifies:
1347.15
Prior
Effective Dates: 02/01/2011