Can I use third-party project management tools that collect personal information in Hawaii? What are the requirements?

Personal Information Security in Hawaii

If you are using third-party project management tools that collect personal information in Hawaii, you must ensure that the tools comply with Hawaii’s personal information security laws and regulations ^[1.1]. The Hawaii Information Privacy and Security Council has developed guidelines to be considered by government agencies in deciding whether, how, and when a government agency shall inform affected individuals of the loss, disclosure, or security breach of personal information that can contribute to identity theft ^[1.3].

Third-Party Project Management Tools

If you are using third-party project management tools that collect personal information in Hawaii, you must ensure that the tools comply with Hawaii’s personal information protection requirements ^[1.2]. The annual report shall include the name or descriptive title of the personal information system and its location, the nature and purpose of the personal information system and the statutory or administrative authority for its establishment, the categories of individuals on whom personal information is maintained, including the approximate number of all individuals on whom personal information is maintained, and the categories of personal information generally maintained in the system, including identification of records that are stored in computer accessible records or maintained manually ^[1.2].

It is recommended that you review the guidelines and ensure that the third-party project management tools you are using comply with them. If you are unsure whether the tools comply with Hawaii’s personal information security laws and regulations, you may want to consult with a legal professional.

Conclusion

To summarize, if you are using third-party project management tools that collect personal information in Hawaii, you must ensure that the tools comply with Hawaii’s personal information security laws and regulations. You must also submit an annual report on the existence and character of each personal information system added or eliminated since the agency’s previous annual report ^[1.2].

Source(s):

• [1.1] Personal information security; best practices; websites.
• [1.2] Personal information system; government agencies; annual report Personal information protection requirements. L Sp 2008, c 10, §§7 to 15. Personal information policy and oversight responsibilities for government agencies, see §487J-5.
• [1.3] Information privacy and security council; established; duties; reports.

Jurisdiction

Hawaii

• Privacy