Ohio Administrative Code
Title 3745 - Ohio Environmental Protection Agency
Chapter 3745-48 - Accessing Confidential Personal Information
Section 3745-48-05 - Restricting and logging access to confidential personal information in computerized personal information systems
Current through all regulations passed and filed through March 18, 2024
For personal information systems that are computer systems and contain confidential personal information, the agency shall do the following:
(A) Access restrictions. Access to confidential personal information that is kept electronically shall require a password or other authentication measure.
(B) Acquisition of a new computer system. When the agency acquires a new computer system that stores, manages or contains confidential personal information, the agency shall include a mechanism for recording specific access by employees of the agency to confidential personal information in the system.
(C) Upgrading existing computer systems. When the agency modifies an existing computer system that stores, manages or contains confidential personal information, the agency shall make a determination whether the modification constitutes an upgrade. Any upgrades to a computer system shall include a mechanism for recording specific access by employees of the agency to confidential personal information in the system.
(D) Logging requirements regarding confidential personal information in existing computer systems.
(E) Log management. The agency shall issue a policy that specifies the following:
Nothing in this rule limits the agency from requiring logging in any circumstance that the agency deems necessary.
Five Year Review (FYR) Dates:
1/25/2022 and
01/25/2027
Promulgated
Under:
119.03
Statutory Authority:
1347.15
Rule Amplifies:
1347.15
Prior Effective Dates: 09/10/2010,
02/15/2016