HOUSE BILL REPORT
HB 2228
As Reported By House Committee On:
State Government
Title: An act relating to the collection of personally identifiable information by state agencies.
Brief Description: Monitoring personal information collected by state agencies.
Sponsors: Representatives Dunshee, McMorris, Romero and Kessler.
Brief History:
Committee Activity:
State Government: 1/11/00, 2/4/00 [DP].
Brief Summary of Bill
• Requires the Department of Information Services to maintain a registry of information systems or databases containing personally identifiable information.
HOUSE COMMITTEE ON STATE GOVERNMENT
Majority Report: Do pass. Signed by 8 members: Representatives McMorris, Republican Co-Chair; Romero, Democratic Co-Chair; Campbell, Republican Vice Chair; Miloscia, Democratic Vice Chair; Dunshee; Haigh; Lambert and D. Schmidt.
Staff: Jim Morishima (786-7191).
Background:
State agencies collect personally identifiable information from individuals in Washington under a wide variety of circumstances. For example, agencies must collect employment information (e.g., telephone numbers, Social Security numbers) from state employees. Also, some agencies collect personally identifiable information from individuals applying for professional or other licenses. Currently, there is no statewide registry for state agency information systems or databases containing personally identifiable information.
The Legislature created the Department of Information Services (DIS) in 1987. The DIS performs duties and responsibilities delegated to it by the Information Services Board. The DIS also performs other statutory duties including providing information services to state agencies and local governments on a cost-recovery basis.
Summary of Bill:
The DIS must create and maintain a registry of information systems or databases maintained by state agencies containing personally identifiable information. "Personally identifiable information" is defined as information that can be associated with a particular individual through one or more identifiers or other information or circumstances. The DIS does not need to include in the registry systems or databases containing personally identifiable information pertaining solely to public officials acting in their official capacities.
The registry must contain, at a minimum, the following information about each system or database in the registry:
• the purpose of the system or database;
• the type of information included in the system or database;
• the number of records involved in the system or database;
• the statutory authorization for the system or database;
• the methods used to collect or update the information in the system or database;
• the retention schedule for the system or database; and
• a list of other databases that are merged or matched with the system or database.
Appropriation: None.
Fiscal Note: Requested on January 10, 2000.
Effective Date: Ninety days after adjournment of session in which bill is passed.
Testimony For: This bill is about privacy, a subject about which the public is greatly concerned. In order to protect information from public disclosure, citizens need to know what information is out there. This is a simple idea that has been adopted in other states. This bill does not prohibit access or require agencies to change their databases.
(Concerns) There must be a balance between access and privacy with regard to information. Agencies already dispose of personal information when it is no longer needed. Most citizens can already guess what databases contain personal information. This bill weakens privacy by creating a master list of databases and would cost a great deal of money.
Testimony Against: None.
Testified: (In support) Representative Hans Dunshee, prime sponsor; Ralph Munro, Secretary of State; and Jerry Sheehan, American Civil Liberties Union.
(Concerns) Nancy Zussy, State Librarian; Sam Hunt, Department of Information Services; and Sharon Foster, Commercial Information Systems.