Ohio Administrative Code
Title 3353 - eTech Ohio Commission
Chapter 3353-1 - General Provisions
Section 3353-1-14.4 - Restricting and logging access to confidential personal information in computerized personal information systems
Current through all regulations passed and filed through September 16, 2024
For personal information systems that are computer systems and contain confidential personal information, the agency shall do the following:
(A) Access restrictions. Access to confidential personal information that is kept electronically shall require a password or other authentication measure.
(B) Acquisition of a new computer system. When the agency acquires a new computer system that stores, manages or contains confidential personal information, the agency shall include a mechanism for recording specific access by employees of the agency to confidential personal information in the system.
(C) Upgrading existing computer systems. When the agency modifies an existing computer system that stores, manages or contains confidential personal information, the agency shall make a determination whether the modification constitutes an upgrade. Any upgrades to a computer system shall include a mechanism for recording specific access by employees of the agency to confidential personal information in the system.
(D) Logging requirements regarding confidential personal information in existing computer systems.
(E) Log management. The agency shall issue a policy that specifies the following:
Nothing in this rule limits the agency from requiring logging in any circumstance that it deems necessary.
Five Year Review (FYR) Dates:
12/08/2016 and
12/08/2021
Promulgated
Under: 119.03
Statutory
Authority: 1347.15
Rule
Amplifies: 1347.15
Prior
Effective Dates: 03/21/2011