House Bill Analysis

HB 2228

 

Title: An act relating to the collection of personally identifiable information by state agencies.

 

Brief Description: Monitoring personal information collected by state agencies.

 

Sponsors: Representatives Dunshee, McMorris, Romero and Kessler.

 

Brief Summary of Bill

 

CRequires the Department of Information Services to maintain a registry of information systems or databases containing personally identifiable information.

 

 

House State Government Committee

 

Staff: Jim Morishima (786-7191)

 

Background:

 

State agencies collect personally identifiable information from individuals in Washington under a wide variety of circumstances.  For example, agencies must collect employment information (e.g., telephone numbers, social security numbers) from state employees.  Also, some agencies collect personally identifiable information from individuals applying for professional or other licenses.  Currently, there is no state-wide registry for state agency information systems or databases containing personally identifiable information.

 

The Legislature created the Department of Information Services (DIS) in 1987.  The DIS performs duties and responsibilities delegated to it by the Information Services Board.  The DIS also performs other statutory duties including providing information services to state agencies and local governments on a cost-recovery basis.

 

Summary of Bill:

 

The DIS must create and maintain a registry of information systems or databases maintained by state agencies containing personally identifiable information.  "Personally identifiable information" is defined as information that can be associated with a particular individual through one or more identifiers or other information or circumstances.  The DIS does not need to include in the registry systems or databases containing personally identifiable information pertaining solely to public officials acting in their official capacities. 

 

The registry must contain, at a minimum, the following information about each system or database in the registry:

 

CThe purpose of the system or database;

CThe type of information included in the system or database;

CThe number of records involved in the system or database;

CThe statutory authorization for the system or database;

CThe methods used to collect or update the information in the system or database;

CThe retention schedule for the system or database; and

CA list of other databases that are merged or matched with the system or database.

 

Appropriation: None

 

Fiscal Note: Requested January 10, 2000.

 

Effective Date: Ninety days after adjournment of session in which bill is passed.