Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I use third-party project management tools that collect personal information in Idaho? What are the requirements?

Using Third-Party Project Management Tools that Collect Personal Information in Idaho

If you are using third-party project management tools that collect personal information of Idaho residents, you must comply with the requirements of IDST 28-51-105 [1.1]. According to IDST 28-51-105, a city, county, state agency, individual, or commercial entity that conducts business in Idaho and owns or licenses computerized data that includes personal information about a resident of Idaho shall, when it becomes aware of a breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused. If the investigation determines that the misuse of information about an Idaho resident has occurred or is reasonably likely to occur, the agency, individual, or commercial entity shall give notice as soon as possible to the affected Idaho resident. Notice must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and consistent with any measures necessary to determine the scope of the breach, to identify the individuals affected, and to restore the reasonable integrity of the computerized data system.

Additionally, IDAPA 16.05.01.75 [2.1] provides guidelines for the use and disclosure of confidential information in Idaho. Without consent or authorization, no one may use or disclose health or other confidential information except as provided in Section 100 of this chapter. With consent or authorization, confidential information will be used or disclosed only on a need-to-know basis and to the extent minimally necessary for the conduct of the Department’s business and the provision of benefits or services, subject to law and the exceptions listed in these rules. Recipients of information must protect against unauthorized disclosure or use of the information for purposes that are not specified in a consent or an authorization.

Therefore, if you are using third-party project management tools that collect personal information of Idaho residents, you must ensure that the tool has adequate security measures in place to prevent a breach of the system. If a breach occurs, you must conduct a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused. If the investigation determines that the misuse of information about an Idaho resident has occurred or is reasonably likely to occur, you must give notice as soon as possible to the affected Idaho resident. Additionally, you must comply with the guidelines for the use and disclosure of confidential information provided in IDAPA 16.05.01.75.

Conclusion

To summarize, if you are using third-party project management tools that collect personal information of Idaho residents, you must comply with the requirements of IDST 28-51-105 and the guidelines for the use and disclosure of confidential information provided in IDAPA 16.05.01.75. You must ensure that the tool has adequate security measures in place to prevent a breach of the system. If a breach occurs, you must conduct a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused. If the investigation determines that the misuse of information about an Idaho resident has occurred or is reasonably likely to occur, you must give notice as soon as possible to the affected Idaho resident.

Source(s):
Jurisdiction

Idaho