Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I collect personal information from participants in Ohio? What are the requirements?

Requirements for Collecting Personal Information from Participants in Ohio

If you are collecting personal information from participants in Ohio, you must comply with the Ohio Administrative Code (OAC) rules regarding accessing confidential personal information.

According to OAC Rule 991-9-01, personal information systems of the Ohio Expositions Commission (OEC) are managed on a “need-to-know” basis whereby the information owner determines the level of access required for an employee of OEC to fulfill his or her job duties. The determination of access to confidential personal information shall be approved by the employee’s supervisor and the information owner prior to providing the employee with access to confidential personal information within a personal information system.

Additionally, OEC shall establish procedures for determining a revision to an employee’s access to confidential personal information upon a change to that employee’s job duties including, but not limited to, transfer or termination. Whenever an employee’s job duties no longer require access to confidential personal information in a personal information system, the employee’s access to confidential personal information shall be removed.

If you are collecting personal information from participants in Ohio, you must also comply with the confidentiality statutes and regulations outlined in OAC Rule 991-9-01(D).

Furthermore, if you are collecting personal information electronically, you must comply with the access restrictions and logging requirements outlined in OAC Rule 991-9-01(E). Access to confidential personal information that is kept electronically shall require a password or other authentication measure. OEC shall require employees of the agency who access confidential personal information within computer systems to maintain a log that records that access.

Conclusion

To summarize, if you are collecting personal information from participants in Ohio, you must comply with the Ohio Administrative Code rules regarding accessing confidential personal information. You must also comply with the confidentiality statutes and regulations outlined in OAC Rule 991-9-01(D). If you are collecting personal information electronically, you must comply with the access restrictions and logging requirements outlined in OAC Rule 991-9-01(E).

Jurisdiction

Ohio