(1) All written agreements with entities other than the Internal Revenue Service and "Hosted Workers" that have access to Employment Department information shall stipulate that, no less than once a year, the entity shall conduct an audit of the processes by which the entity implements the agreement(s). The audits shall include, but are not limited to:
- (a) How access to Employment Department information is granted;
- (b) How access to Employment Department information is controlled;
- (c) Why access to Employment Department information is granted, based on OAR 471-010-0105 & ORS 657.665;
- (d) Who is authorized to grant & revoke access to Employment Department information;
- (e) What specific programs within the entity need access to Employment Department information;
- (f) Which specific positions within the programs referenced in OAR 471-010-0125(1)(e) need access to Employment Department information;
- (g) What specific information within the Employment Department information is needed;
- (h) Whether access to Employment Department information is granted to contractors, who the contractor is, and why the contractor is being given access; and
- (i) What "informed consent" if any, the entity uses when gathering information from its customers.
- (2) These audits shall subsequently be submitted to the Employment Department, who shall have final authority to decide compliance with the procedures in OAR 471-010-0125(1).
Statutory/Other Authority
ORS 657.610
Statutes/Other Implemented
ORS 657.665
History
ED 1-2019, amend filed 05/03/2019, effective 05/03/2019
ED 7-2008, f. 5-20-08, cert. ef. 7-1-08
ED 4-2008(Temp), f. & cert. ef. 2-26-08 thru 8-23-08