Unless otherwise explicitly authorized in statute, or with prior written authorization from the department, recipients must:
(1) Only allow protected personal information to be transmitted, accessed, viewed, stored, or processed within the United States.
(2) Maintain the primary, backup, disaster recovery, and other sites for storage of protected personal information within the United States.
[Statutory Authority: RCW
46.01.110. WSR 23-19-010, § 308-10A-802, filed 9/7/23, effective 10/8/23.]