Sec. 7. (a) Any state agency maintaining one (1) or more personal information systems shall file an annual report on the existence and character of each system added or eliminated since the last report with the governor on or before December 31.
(b) The agency shall include in such report at least the following information:
(1) The name or descriptive title of the personal information system and its location.
(2) The nature and purpose of the system and the statutory or administrative authority for its establishment.
(3) The categories of individuals on whom personal information is maintained including the approximate number of all individuals on whom information is maintained and the categories of personal information generally maintained in the system including identification of those which are stored in computer accessible records and those which are maintained manually.
(4) All confidentiality requirements, specifically:
(A) those personal information systems or parts thereof which are maintained on a confidential basis pursuant to a statute, contractual obligation, or rule; and
(B) those personal information systems maintained on an unrestricted basis.
(5) In the case of subdivision (4)(A) of this subsection, the agency shall include detailed justification of the need for statutory or regulatory authority to maintain such personal information systems or parts thereof on a confidential basis and, in making such justification, the agency shall make reference to section 8 of this chapter.
(6) The categories of sources of such personal information.
(7) The agency's policies and practices regarding the implementation of section 2 of this chapter relating to information storage, duration of retention of information, and elimination of information from the system.
(8) The uses made by the agency of personal information contained in the system.
(9) The identity of agency personnel, other agencies, and persons or categories of persons to whom disclosures of personal information are made or to whom access to the system may be granted, together with the purposes therefor and the restriction, if any, on such disclosures and access, including any restrictions on redisclosure.
(10) A listing identifying all forms used in the collection of personal information.
(11) The name, title, business address, and telephone number of the person immediately responsible for bringing and keeping the system in compliance with the provisions of this chapter.
As added by Acts 1977, P.L.21, SEC.1. Amended by Acts 1978, P.L.10, SEC.3; P.L.19-1983, SEC.2.
Structure Indiana Code
Title 4. State Offices and Administration
Article 1. Miscellaneous Provisions
Chapter 6. Fair Information Practices; Privacy of Personal Information
4-1-6-2. Personal Information System
4-1-6-4. Disclosures Limited to Business Hours; Standard Charges
4-1-6-5. Challenge of Information by Data Subject; Notice; Minimum Procedures
4-1-6-6. Securing of Confidential Information Protected
4-1-6-7. State Agencies Maintaining One or More Systems; Requirements
4-1-6-8. Policy of Access; Restricted Access as Condition for Receipt of Donated Materials
4-1-6-8.5. Consistent Handling of Information Among and Between Agencies; Principles and Procedures
4-1-6-8.6. Requests for Access to Confidential Records; Improper Disclosure; Actions