(a) Effective January 1, 2009, any government agency that maintains one or more personal information systems shall submit to the council an annual report on the existence and character of each personal information system added or eliminated since the agency’s previous annual report. The annual report shall be submitted no later than September 30 of each year.

Terms Used In Hawaii Revised Statutes 487N-7

  • Business: means a sole proprietorship, partnership, corporation, association, or other group, however organized, and whether or not organized to operate at a profit. See Hawaii Revised Statutes 487N-1
  • Council: means the information privacy and security council established under section 487N-5. See Hawaii Revised Statutes 487N-1
  • Government agency: means any department, division, board, commission, public corporation, or other agency or instrumentality of the State or of any county. See Hawaii Revised Statutes 487N-1
  • Obligation: An order placed, contract awarded, service received, or similar transaction during a given period that will require payments during the same or a future period.
  • Personal information: means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

    (1) Social security number;

    (2) Driver's license number or Hawaii identification card number; or

    (3) Account number, credit or debit card number, access code, or password that would permit access to an individual's financial account. See Hawaii Revised Statutes 487N-1

  • Records: means any material on which written, drawn, spoken, visual, or electromagnetic information is recorded or preserved, regardless of physical form or characteristics. See Hawaii Revised Statutes 487N-1
  • Statute: A law passed by a legislature.
(b) The annual report shall include:

(1) The name or descriptive title of the personal information system and its location;
(2) The nature and purpose of the personal information system and the statutory or administrative authority for its establishment;
(3) The categories of individuals on whom personal information is maintained, including:

(A) The approximate number of all individuals on whom personal information is maintained; and
(B) The categories of personal information generally maintained in the system, including identification of records that are:

(i) Stored in computer accessible records; or
(ii) Maintained manually;
(4) All confidentiality requirements relating to:

(A) Personal information systems or parts thereof that are confidential pursuant to statute, rule, or contractual obligation; and
(B) Personal information systems maintained on an unrestricted basis;
(5) Detailed justification of the need for statutory or regulatory authority to maintain any personal information system or part thereof on a confidential basis for all personal information systems or parts thereof that are required by law or rule;
(6) The categories of sources of personal information;
(7) The agency’s policies and practices regarding personal information storage, duration of retention of information, and elimination of information from the system;
(8) The uses made by the agency of personal information contained in any personal information system;
(9) The identity of agency personnel, by job classification,and other agencies, persons, or categories to whom disclosures of personal information are made or to whom access to the personal information system may be granted, including the purposes of access and any restrictions on disclosure, access, and redisclosure;
(10) A list identifying all forms used by the agency in the collection of personal information; and
(11) The name, title, business address, and telephone number of the individual immediately responsible for complying with this section.
(c) For purposes of this section:

“Personal information system” means any manual or automated recordkeeping process that contains personal information and the name, personal number, or other identifying particulars of a data subject.

(d) Notwithstanding any other law to the contrary, this report shall be confidential and not disclosed publicly in any form or forum.

  Previous
Next  
 Chapter 487N Contents