Indiana Code 4-1-6-2. Personal information system
(1) collect, maintain, and use only that personal information as is relevant and necessary to accomplish a statutory purpose of the agency;
Terms Used In Indiana Code 4-1-6-2
- Confidential: means information which has been so designated by statute or by promulgated rule or regulation based on statutory authority. See Indiana Code 4-1-6-1
- Data subject: means an individual about whom personal information is indexed or may be located under the individual's name, personal number, or other identifiable particulars, in a personal information system. See Indiana Code 4-1-6-1
- Oversight: Committee review of the activities of a Federal agency or program.
- Personal information: means any information that describes, locates, or indexes anything about an individual or that affords a basis for inferring personal characteristics about an individual including, but not limited to, the individual's education, financial transactions, medical history, criminal or employment records, finger and voice prints, photographs, or the individual's presence, registration, or membership in an organization or activity or admission to an institution. See Indiana Code 4-1-6-1
- Personal information system: means any recordkeeping process, whether automated or manual, containing personal information and the name, personal number, or other identifying particulars of a data subject. See Indiana Code 4-1-6-1
- State agency: means every agency, board, commission, department, bureau, or other entity of the administrative branch of Indiana state government, except those which are the responsibility of the state comptroller, treasurer of state, secretary of state, attorney general, and excepting the department of state police and state educational institutions. See Indiana Code 4-1-6-1
(3) collect no personal information concerning in any way the political or religious beliefs, affiliations and activities of an individual unless expressly authorized by law or by a rule promulgated by the oversight committee on public records pursuant to IC 4-22-2;
(4) assure that personal information maintained or disseminated from the system is, to the maximum extent possible, accurate, complete, timely, and relevant to the needs of the state agency;
(5) inform any individual requested to disclose personal information whether that disclosure is mandatory or voluntary, by what statutory authority it is solicited, what uses the agency will make of it, what penalties and specific consequences for the individual, which are known to the agency, are likely to result from nondisclosure, whether the information will be treated as a matter of public record or as confidential information, and what rules of confidentiality will govern the information;
(6) insofar as possible segregate information of a confidential nature from that which is a matter of public record; and, pursuant to statutory authority, establish confidentiality requirements and appropriate access controls for all categories of personal information contained in the system;
(7) maintain a list of all persons or organizations having regular access to personal information which is not a matter of public record in the information system;
(8) maintain a complete and accurate record of every access to personal information in a system which is not a matter of public record by any person or organization not having regular access authority;
(9) refrain from preparing lists of the names and addresses of individuals for commercial or charitable solicitation purposes except as expressly authorized by law or by a rule promulgated by the oversight committee on public records pursuant to IC 4-22-2;
(10) make reasonable efforts to furnish prior notice to an individual before any personal information on such individual is made available to any person under compulsory legal process;
(11) establish rules and procedures to assure compliance with this chapter and instruct each of its employees having any responsibility or function in the design, development, operation or maintenance of such system or use of any personal information contained in the system of each requirement of this chapter and of each rule and procedure adopted by the agency to assure compliance with this chapter;
(12) establish appropriate administrative, technical and physical safeguards to insure the security of the information system and to protect against any anticipated threats or hazards to their security or integrity; and
(13) exchange with other agencies official personal information that it has collected in the pursuit of statutory functions when:
(A) the information is requested for purposes authorized by law including a rule promulgated pursuant to IC 4-22-2;
(B) the data subject would reasonably be expected to benefit from the action for which information is requested;
(C) the exchange would eliminate an unnecessary and expensive duplication in data collection and would not tangibly, adversely affect the data subject; or
(D) the exchange of information would facilitate the submission of documentation required for various state agencies and departments to receive federal funding reimbursement for programs which are being administered by the agencies and departments.
As added by Acts 1977, P.L.21, SEC.1. Amended by Acts 1978, P.L.10, SEC.2; Acts 1979, P.L.40, SEC.3; P.L.136-2018, SEC.4.