5740.08 Certified service providers.

(A) As used in this section:

(1) "Confidential taxpayer information" means all information that is protected under Title LVII of the Revised Code or other applicable law.

(2) "Personally identifiable information" means information that identifies a person.

(3) "Anonymous data" means information that does not identify a person.

(B) A certified service provider shall preserve the privacy of consumers who buy, lease, or rent tangible personal property or services from sellers with whom the provider has contracted for the collection and remittance of sales and use taxes to this state. The certified service provider shall protect the personally identifiable information of a consumer in the same manner as required of the department of taxation for taxpayer information. The certified service provider shall use a certified automated system to perform sales and use tax calculations, remittances, and reporting that does not retain the personally identifiable information of consumers, except as follows:

(1) To determine whether a consumer's status or intended use of the goods or services purchased is exempt from the sales or use tax;

(2) To investigate fraud by a consumer or seller;

(3) To the extent necessary to ensure the reliability of the providers' technology and certified automated system in performing all of a seller's sales and use tax functions.

The certified service provider shall provide technical, physical, and administrative safeguards to protect personally identifiable information from unauthorized access and disclosure.

(C) The tax commissioner shall provide to consumers clear and conspicuous notice of the commissioner's information retention and sharing practices, including what personally identifiable information the commissioner collects, how the information collected is used, how long the information is retained, and whether the information may be disclosed to other states. When the commissioner retains a consumer's personally identifiable information that the commissioner received from a certified service provider, the commissioner shall allow the consumer to examine that information and correct any inaccurately recorded information.

(D) If any person, other than a member state or a person otherwise authorized by the laws of this state, seeks to discover a consumer's personally identifiable information, the tax commissioner shall make a reasonable and timely effort to notify the consumer of such request.

(E) Notwithstanding this section, the laws of this state regarding the collection, use, and maintenance of confidential taxpayer information remain applicable and binding. The agreement does not enlarge or limit this state's authority to do any of the following:

(1) Conduct audits or other reviews as provided under the agreement or state law;

(2) Provide records pursuant to section 149.43 of the Revised Code or to governmental agencies under disclosure laws;

(3) Prevent the disclosure of confidential taxpayer information in accordance with Title LVII of the Revised Code;

(4) Prevent, consistent with federal law, the disclosure or misuse of federal return information obtained under a disclosure agreement with the Internal Revenue Service;

(5) Collect, disclose, disseminate, or otherwise use anonymous data for governmental purposes.

(F) This section does not enlarge or limit the privacy policies of any seller that has selected a certified service provider as its agent to perform all of the seller's sales and use tax functions.

(G) A certified service provider that fails to comply with this section is subject to investigation by the tax commissioner or the commissioner's agents and the attorney general, and to prosecution by the attorney general.

Effective Date: 06-21-2002; 04-29-2005