(A) Introduction: This chapter regulates ODA employee access to the confidential personal information that ODA maintains.
(B) Definitions for this chapter:
"Access" as a noun means an instance of copying, viewing, or otherwise perceiving, whereas "access" as a verb means to copy, view, or otherwise perceive.
"Acquisition of a new computer system" means the purchase of a "computer system," as defined in this rule, that is not a computer system that is currently in place nor one for which the acquisition process was initiated on or before August 30, 2010.
"Computer system" means a "system," as defined in section 1347.01 of the Revised Code, that stores, maintains, or retrieves personal information using electronic data processing equipment.
"Confidential personal information" (CPI) has the meaning as in section 1347.15 of the Revised Code.
"Employee" means any ODA employee regardless of whether the employee holds an elected or appointed office or position within ODA.
"Incidental contact" means contact with the information that is secondary or tangential to the primary purpose of the activity that resulted in the contact.
"Individual" means a natural person or the natural person's authorized representative, legal counsel, legal custodian, or legal guardian.
"Information owner" means the employee section 1347.05 of the Revised Code requires ODA to make directly responsible for a system.
"ODA" means "the Ohio department of aging."
"Person" means a natural person.
"Personal information" has the same meaning as in section 1347.01 of the Revised Code.
"Personal information system" means a "system" that "maintains" "personal information," as those terms are defined in section 1347.01 of the Revised Code. "System" includes manual and computer systems.
"Research" means a methodical investigation into a subject.
"Routine" means commonplace, regular, habitual, or ordinary.
"System" has the same meaning as in section 1347.01 of the Revised Code.
"Upgrade" means a substantial redesign of an existing computer system for the purpose of providing a substantial amount of new application functionality, or application modifications that would involve substantial administrative or fiscal resources to implement, but would not include maintenance, minor updates and patches, or modifications that entail a limited addition of functionality due to changes in business or legal requirements.