Can I collect server log information from participants in Washington? What are the requirements?

Based on the provided context documents, it appears that Washington state has specific regulations regarding the collection of server log information from participants.

To collect server log information from participants in Washington, you must comply with the state’s privacy and security requirements ^[2.1]. The authority or the office of chief information officer or both may request from the lead organization any or all of the following: (1) Audit logs pertaining to accessing the data; (2) Completion of a security design review as required by Washington state IT security standards; (3) Documentation of compliance with OCIO security policy (OCIO policy 141.10 Securing information technology assets standards); (4) All data use agreements.

Additionally, if the requested records contain information that may affect rights of others and may be exempt from disclosure, the public records officer or designee may, prior to providing the records, give notice to such others whose rights may be affected by the disclosure ^[4.2].

Therefore, to collect server log information from participants in Washington, you must comply with the state’s privacy and security requirements and provide notice to affected parties if necessary.

Source(s):

• [2.1] State oversight of compliance with privacy and security requirements.
• [4.2] Processing of requests for public records.

Jurisdiction

Washington

• Privacy