Sub. H.B. 648

127th General Assembly

(S. Judiciary – Criminal Justice)

 

 

The Senate Committee modified the House-passed version of the bill as follows:

(1)  In the provision that specifies that each state agency must have a procedure that requires that, until an upgrade to an existing computer system or an acquisition of a new computer system of the agency occurs, the agency must keep a log that records specific access by employees of the state agency to confidential personal information, added exceptions that specify that a procedure adopted under the provision is not to require a state agency to record in the log any specific access by any employee of the agency to confidential personal information in any of the following circumstances: (a) the access occurs as a result of research performed for official agency purposes, routine office procedures, or incidental contact with the information, unless the conduct resulting in the access is specifically directed toward a specifically named individual or a group of specifically named individuals, or (b) the access is to confidential personal information about an individual, and the access occurs as a result of a request by that individual for confidential personal information about that individual.

(2)  Revised the provision that specifies the duties of the Auditor of State under the bill to provide that the Auditor of State must obtain evidence that state agencies adopted the procedures and policies in a rule under the bill, must obtain evidence supporting whether the agency is complying with those policies and procedures, and may include citations or recommendations relating to those provisions in any audit report the Auditor of State issues.

(3)  Revised the provision that pertains to the bringing of a civil action by a person who is harmed by a violation of a rule of a state agency adopted under the bill to specify that the person may bring the action in the Court of Claims, as described in R.C. 2743.02(F), against any person who directly and proximately caused the harm. 

(4)  In the provision that requires the Tax Commissioner to adopt rules that require that any search of any of the databases of the Department of Taxation be tracked so that administrators of the database or investigators can identify each account holder who conducted a search of the database, added exceptions to specify that the rules are not to require the tracking of any search of any of the databases of the Department conducted by an account holder in any of the following circumstances: (a) the search occurs as a result of research performed for official agency purposes, routine office procedures, or incidental contact with the information, unless the search is specifically directed toward a specifically named individual or a group of specifically named individuals, or (b) the search is for information about an individual, and it is performed as a result of a request by that individual for information about that individual.

 

 

H0648-127.doc/ar                                                                                                    12/17/2008