Can I use third-party marketing automation tools that collect personal information in Ohio? What are the requirements?

Using Third-Party Marketing Automation Tools that Collect Personal Information in Ohio

Yes, you can use third-party marketing automation tools that collect personal information in Ohio, but you must ensure that you comply with the relevant Ohio laws and regulations.

According to OHAC Rule 3706-3-05 ^[1.1], personal information systems that are computer systems and contain confidential personal information must restrict access to confidential personal information that is kept electronically and require a password or other authentication measure. Additionally, any upgrades to a computer system must include a mechanism for recording specific access by employees of the Ohio air quality development authority to confidential personal information in the system.

OHAC Rule 123-2-05 ^[2.1] requires that personal information systems collect, maintain, and use only personal information that is necessary and relevant to the functions it is required or authorized to perform by statute, ordinance, code, or rule and eliminate such information when it is no longer necessary to those functions.

Furthermore, OHAC Rule 991-9-01 ^[2.3] regulates employee access to confidential personal information that OEC retains. Personal information systems of OEC are managed on a “need-to-know” basis whereby the information owner determines the level of access required for an employee of OEC to fulfill his or her job duties. The determination of access to confidential personal information shall be approved by the employee’s supervisor and the information owner prior to providing the employee with access to confidential personal information within a personal information system.

Based on the above rules, if you are using third-party marketing automation tools that collect personal information in Ohio, you must ensure that the personal information collected is necessary and relevant to the functions you are required or authorized to perform. You must also ensure that access to confidential personal information is restricted and recorded, and that the personal information is eliminated when it is no longer necessary to those functions. Additionally, you must manage access to confidential personal information on a “need-to-know” basis and obtain approval from the employee’s supervisor and the information owner prior to providing access to confidential personal information within a personal information system.

Requirements for Using Third-Party Marketing Automation Tools that Collect Personal Information in Ohio

To use third-party marketing automation tools that collect personal information in Ohio, you must comply with the following requirements:

1. Ensure that the personal information collected is necessary and relevant to the functions you are required or authorized to perform.
2. Restrict access to confidential personal information that is kept electronically and require a password or other authentication measure.
3. Record specific access by employees to confidential personal information in the system.
4. Eliminate personal information when it is no longer necessary to those functions.
5. Manage access to confidential personal information on a “need-to-know” basis and obtain approval from the employee’s supervisor and the information owner prior to providing access to confidential personal information within a personal information system.

Please note that this response is based on the context documents provided and may not be exhaustive. If you have any further questions or concerns, it is recommended that you consult with a legal professional.

^{[1.1][2.1][2.3]}

Source(s):

• [1.1] Restricting and logging access to confidential personal information in computerized personal information systems.
• [2.1] Personal information systems.
• [2.3] Collection, maintenance and use of only personal information which is necessary and relevant.

Jurisdiction

Ohio

• Privacy