(1) The lead organization must adopt clear policies and procedures for data requests and data release. At a minimum, the lead organization, in coordination with the data vendor, must develop procedures for making a request for data, how data requests will be reviewed, how decisions will be made on whether to grant or disapprove release of the requested data, and data release processes. The policies and procedures must be approved by the authority.
(2) The lead organization should help data requestors identify the best ways to describe and tailor the data request, understand the privacy and security requirements, and understand the limitations on use and data products derived from the data released.
(3) The lead organization must maintain a log of all requests and action taken on each request. The log must include at a minimum the following information: Name of requestor, data requested, purpose of the request, whether the request was approved or denied, if approved the date and data released, and if denied the date and reason for the denial. The lead organization shall post the log on the WA-APCD website that the lead organization is required to maintain.
[Statutory Authority: RCW
41.05.021,
41.05.160 and
43.371.020. WSR 20-08-059, § 182-70-200, filed 3/25/20, effective 4/25/20. WSR 19-24-090, recodified as § 182-70-200, filed 12/3/19, effective 1/1/20. Statutory Authority: Chapter
43.371 RCW. WSR 16-22-062, § 82-75-200, filed 11/1/16, effective 12/2/16.]