[§487N-7]  Personal information system;
government agencies; annual report.  (a)  Effective January 1, 2009, any
government agency that maintains one or more personal information systems shall
submit to the council an annual report on the existence and character of each
personal information system added or eliminated since the agency's previous
annual report.  The annual report shall be submitted no later than September 30
of each year.



(b)  The annual report shall include:



(1)  The name or descriptive title of the personal
information system and its location;



(2)  The nature and purpose of the personal
information system and the statutory or administrative authority for its
establishment;



(3)  The categories of individuals on whom personal
information is maintained, including:



(A)  The approximate number of all individuals
on whom personal information is maintained; and



(B)  The categories of personal information
generally maintained in the system, including identification of records that
are:



(i)  Stored in computer accessible records; or



(ii)  Maintained manually;



(4)  All confidentiality requirements relating to:



(A)  Personal information systems or parts
thereof that are confidential pursuant to statute, rule, or contractual
obligation; and



(B)  Personal information systems maintained on
an unrestricted basis;



(5)  Detailed justification of the need for statutory
or regulatory authority to maintain any personal information system or part
thereof on a confidential basis for all personal information systems or parts
thereof that are required by law or rule;



(6)  The categories of sources of personal
information;



(7)  The agency's policies and practices regarding
personal information storage, duration of retention of information, and
elimination of information from the system;



(8)  The uses made by the agency of personal
information contained in any personal information system;



(9)  The identity of agency personnel, by job
classification, and other agencies, persons, or categories to whom
disclosures of personal information are made or to whom access to the personal
information system may be granted, including the purposes of access and any
restrictions on disclosure, access, and redisclosure;



(10)  A list identifying all forms used by the agency
in the collection of personal information; and



(11)  The name, title, business address, and telephone
number of the individual immediately responsible for complying with this
section.



(c)  For purposes of this section:



"Personal information system" means
any manual or automated recordkeeping process that contains personal
information and the name, personal number, or other identifying particulars of
a data subject.



(d)  Notwithstanding any other law to the
contrary, this report shall be confidential and not disclosed publicly in any
form or forum. [L Sp 2008, c 10, pt of §4]