Current through Register Vol. 63, No. 12, December 1, 2024
Section 291-035-0025 - Use of Data(1) The department prohibits unauthorized use or sharing of personal identifiers and information in any way that materially compromises the security, confidentiality, or integrity, of personal information. Subject to the Public Information disclosure requirements, the approved ERP shall treat any data received from DOC as private and privileged, and will not divulge in any form to any person, firm corporation or entity except on the direct written authorization of DOC.(2) Approved ERPs are responsible for complying with statutory requirements regarding information security in accordance with ORS 276A.300, ORS 646A.600, and DOC Information Security policies 60.1.4, 60.1.5 and 60.1.6.(3) Data collected may only be used for the purpose outlined in the proposal approved by the Research Committee. Additional use of the data including but not limited to other analyses, reporting, and dissemination must be preapproved by the Research Committee.(4) While the department does not prohibit the approved ERP from distributing accurate data, the department may require the inclusion of a disclaimer if the department is not in agreement with the approved ERP's assumptions regarding the data or conclusions drawn.Or. Admin. Code § 291-035-0025
DOC 4-2019, adopt filed 01/22/2019, effective 1/22/2019Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075
Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075