Any state agency maintaining a personal
information system shall:
(1)collect, maintain, and use only that personal information as is
relevant and necessary to accomplish a statutory purpose of the
agency;
(2)collect information to the greatest extent practicable from the
data subject directly when the information may result in adverse
determinations about an individual's rights, benefits and
privileges under federal or state programs;
(3)collect no personal information concerning in any way the
political or religious beliefs, affiliations and activities of an
individual unless expressly authorized by law or by a rule
promulgated by the oversight committee on public records
pursuant to IC 4-22-2;
(4)assure that personal information maintained or disseminated
from the system is, to the m
Free access — add to your briefcase to read the full text and ask questions with AI
Any state agency maintaining a personal
information system shall:
(1) collect, maintain, and use only that personal information as is
relevant and necessary to accomplish a statutory purpose of the
agency;
(2) collect information to the greatest extent practicable from the
data subject directly when the information may result in adverse
determinations about an individual's rights, benefits and
privileges under federal or state programs;
(3) collect no personal information concerning in any way the
political or religious beliefs, affiliations and activities of an
individual unless expressly authorized by law or by a rule
promulgated by the oversight committee on public records
pursuant to IC 4-22-2;
(4) assure that personal information maintained or disseminated
from the system is, to the maximum extent possible, accurate,
complete, timely, and relevant to the needs of the state agency;
(5) inform any individual requested to disclose personal
information whether that disclosure is mandatory or voluntary, by
what statutory authority it is solicited, what uses the agency will
make of it, what penalties and specific consequences for the
individual, which are known to the agency, are likely to result
from nondisclosure, whether the information will be treated as a
matter of public record or as confidential information, and what
rules of confidentiality will govern the information;
(6) insofar as possible segregate information of a confidential
nature from that which is a matter of public record; and, pursuant
to statutory authority, establish confidentiality requirements and
appropriate access controls for all categories of personal
information contained in the system;
(7) maintain a list of all persons or organizations having regular
access to personal information which is not a matter of public
record in the information system;
(8) maintain a complete and accurate record of every access to
personal information in a system which is not a matter of public
record by any person or organization not having regular access
authority;
(9) refrain from preparing lists of the names and addresses of
individuals for commercial or charitable solicitation purposes
except as expressly authorized by law or by a rule promulgated by
the oversight committee on public records pursuant to IC 4-22-2;
(10) make reasonable efforts to furnish prior notice to an
individual before any personal information on such individual is
made available to any person under compulsory legal process;
(11) establish rules and procedures to assure compliance with this
chapter and instruct each of its employees having any
responsibility or function in the design, development, operation
or maintenance of such system or use of any personal information
contained in the system of each requirement of this chapter and
of each rule and procedure adopted by the agency to assure
compliance with this chapter;
(12) establish appropriate administrative, technical and physical
safeguards to insure the security of the information system and to
protect against any anticipated threats or hazards to their security
or integrity; and
(13) exchange with other agencies official personal information
that it has collected in the pursuit of statutory functions when:
(A) the information is requested for purposes authorized by law
including a rule promulgated pursuant to IC 4-22-2;
(B) the data subject would reasonably be expected to benefit
from the action for which information is requested;
(C) the exchange would eliminate an unnecessary and
expensive duplication in data collection and would not tangibly,
adversely affect the data subject; or
(D) the exchange of information would facilitate the submission
of documentation required for various state agencies and
departments to receive federal funding reimbursement for
programs which are being administered by the agencies and
departments.
As added by Acts 1977, P.L.21, SEC.1. Amended by Acts 1978,
P.L.10, SEC.2; Acts 1979, P.L.40, SEC.3; P.L.136-2018,
SEC.4.