STATE STATUTES & CODES
- Alabama
- Alaska
- Arizona
- Arkansas
- California
- Connecticut
- Delaware
- District of Columbia
- Florida
- Georgia
- Hawaii
- Idaho
- Illinois
- Indiana
- Iowa
- Kansas
- Kentucky
- Louisiana
- Maine
- Maryland
- Massachusetts
- Michigan
- Minnesota
- Mississippi
- Missouri
- Montana
- Nebraska
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- North Carolina
- North Dakota
- Ohio
- Oklahoma
- Oregon
- Pennsylvania
- Rhode Island
- South Carolina
- South Dakota
- Tennessee
- Texas
- Utah
- Vermont
- Virginia
- Washington
- West Virginia
- Wisconsin
- Wyoming
HAWAII STATUTES AND CODES
§487N-7 - Personal information system; government agencies; annual report.
[§487N-7] Personal information system; government agencies; annual report. (a) Effective January 1, 2009, any government agency that maintains one or more personal information systems shall submit to the council an annual report on the existence and character of each personal information system added or eliminated since the agency's previous annual report. The annual report shall be submitted no later than September 30 of each year.
(b) The annual report shall include:
(1) The name or descriptive title of the personal information system and its location;
(2) The nature and purpose of the personal information system and the statutory or administrative authority for its establishment;
(3) The categories of individuals on whom personal information is maintained, including:
(A) The approximate number of all individuals on whom personal information is maintained; and
(B) The categories of personal information generally maintained in the system, including identification of records that are:
(i) Stored in computer accessible records; or
(ii) Maintained manually;
(4) All confidentiality requirements relating to:
(A) Personal information systems or parts thereof that are confidential pursuant to statute, rule, or contractual obligation; and
(B) Personal information systems maintained on an unrestricted basis;
(5) Detailed justification of the need for statutory or regulatory authority to maintain any personal information system or part thereof on a confidential basis for all personal information systems or parts thereof that are required by law or rule;
(6) The categories of sources of personal information;
(7) The agency's policies and practices regarding personal information storage, duration of retention of information, and elimination of information from the system;
(8) The uses made by the agency of personal information contained in any personal information system;
(9) The identity of agency personnel, by job classification, and other agencies, persons, or categories to whom disclosures of personal information are made or to whom access to the personal information system may be granted, including the purposes of access and any restrictions on disclosure, access, and redisclosure;
(10) A list identifying all forms used by the agency in the collection of personal information; and
(11) The name, title, business address, and telephone number of the individual immediately responsible for complying with this section.
(c) For purposes of this section:
"Personal information system" means any manual or automated recordkeeping process that contains personal information and the name, personal number, or other identifying particulars of a data subject.
(d) Notwithstanding any other law to the contrary, this report shall be confidential and not disclosed publicly in any form or forum. [L Sp 2008, c 10, pt of §4]