OAR 291-035-0025
Use of Data

(1) The department prohibits unauthorized use or sharing of personal identifiers and information in any way that materially compromises the security, confidentiality, or integrity, of personal information. Subject to the Public Information disclosure requirements, the approved ERP shall treat any data received from DOC as private and privileged, and will not divulge in any form to any person, firm corporation or entity except on the direct written authorization of DOC.
(2) Approved ERPs are responsible for complying with statutory requirements regarding information security in accordance with ORS 276A.300 (Information systems security in executive department), ORS 646A.600 (Short title), and DOC Information Security policies 60.1.4, 60.1.5 and 60.1.6.
(3) Data collected may only be used for the purpose outlined in the proposal approved by the Research Committee. Additional use of the data including but not limited to other analyses, reporting, and dissemination must be preapproved by the Research Committee.
(4) While the department does not prohibit the approved ERP from distributing accurate data, the department may require the inclusion of a disclaimer if the department is not in agreement with the approved ERP’s assumptions regarding the data or conclusions drawn.
Last Updated

Jun. 8, 2021

Rule 291-035-0025’s source at or​.us