(a) There is established an information privacy and security council within the department of accounting and general services for administrative purposes only. Members of the council shall be appointed no later than September 1, 2008, by the governor without regard to § 26-34 and shall be composed of the following representatives:

Terms Used In Hawaii Revised Statutes 487N-5

  • Council: means the information privacy and security council established under section 487N-5. See Hawaii Revised Statutes 487N-1
  • county: includes the city and county of Honolulu. See Hawaii Revised Statutes 1-22
  • Government agency: means any department, division, board, commission, public corporation, or other agency or instrumentality of the State or of any county. See Hawaii Revised Statutes 487N-1
  • Personal information: means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

    (1) Social security number;

    (2) Driver's license number or Hawaii identification card number; or

    (3) Account number, credit or debit card number, access code, or password that would permit access to an individual's financial account. See Hawaii Revised Statutes 487N-1

  • Records: means any material on which written, drawn, spoken, visual, or electromagnetic information is recorded or preserved, regardless of physical form or characteristics. See Hawaii Revised Statutes 487N-1
  • Security breach: means an incident of unauthorized access to and acquisition of unencrypted or unredacted records or data containing personal information where illegal use of the personal information has occurred, or is reasonably likely to occur and that creates a risk of harm to a person. See Hawaii Revised Statutes 487N-1
(1) Executive agencies that maintain extensive personal information in the conduct of their duties, including the department of commerce and consumer affairs, the department of education, the department of health, the department of human resources development, the department of human services, and the University of Hawaii, to be selected by the governor;
(2) The legislature, to be selected by the president of the senate and the speaker of the house of representatives;
(3) The judiciary, to be selected by the chief justice of the Hawaii supreme court; and
(4) The four counties, to be selected by the mayor of each county; provided that the mayor of each county shall determine the extent to which the county may or may not participate.

Each member of the council may designate a person from that member’s agency to attend meetings and act on the member’s behalf, including for voting purposes, when the member is unable to attend a meeting. The chief information officer or the chief information officer’s designee shall serve as chair of the council.

(b) By January 1, 2009, the council shall submit to the legislature a report of the council’s assessment and recommendations on initiatives to mitigate the negative impacts of identity theft incidents on individuals. The report shall emphasize assessing the merits of identity theft passport and identity theft registry initiatives that have been implemented in other states.
(c) No later than June 30, 2009, the council shall develop guidelines to be considered by government agencies in deciding whether, how, and when a government agency shall inform affected individuals of the loss, disclosure, or security breach of personal information that can contribute to identify theft. The guidelines shall provide a standardized, risk-based notification process in the instance of a security breach.
(d) The council shall review the individual annual reports submitted by government agencies, pursuant to section 487N-7 and submit a summary report to the legislature no later than twenty days prior to the convening of the regular session of 2010 and each year thereafter. The summary report shall include the council’s findings, significant trends, and recommendations to protect personal information used by government agencies.

The initial report to the legislature also shall include proposed legislation to amend § 487N-2 or any other law that the council deems necessary to conform to the guidelines established under subsection (c).

(e) The chief information officer may establish support positions for the office of enterprise technology services, including but not limited to information technology, human resources and personnel, records management, and administrative support.

  Previous
Next  
 Chapter 487N Contents