Skip to main content

The Office of the Ohio Consumers' Counsel believes all information on this site to be accurate, and we strive to correct errors and keep our information up-to-date. Please notify our webmaster if you believe any information to be incorrect or out-of-date. However, we disclaim liability for any errors or omissions, and we will not be held responsible for any direct, indirect, or consequential damages resulting from anyone's reliance on or use of the information or files on the OCC site.

Links to other sites are provided as a convenience only; linking to an external site does not represent official OCC endorsement. We cannot control the content found on other sites, and we are not responsible for any consequences of visiting such linked sites. However, should you discover inappropriate, offensive, or misleading materials on a site we have linked to, we would appreciate it if you would contact our webmaster so that we may take appropriate action.

The OCC reserves the right to modify the design, structure, or content of this site at any time without prior notice.

Privacy Policy

We at the Office of the Ohio Consumers' Counsel are committed to protecting the privacy of consumers. All web servers, including the one that hosts the OCC website, will log:

  • the date and time you access our site,
  • the network address (IP number) of the computer system you use to access this site, and
  • the address of the site that you came to the OCC's site from.

We gather this information to determine how many people use our site, what pages are used most, and to help us determine how we can make our pages more useful. Our policy is that we do not attempt to identify specific individuals who use this site; however, we reserve the right to use any information at our disposal to identify any individual who attempts to "crack" or vandalize our website.

This site uses "cookies" to a very limited extent; our server will issue a cookie when you submit some of the feedback forms found on this site. This cookie does not persist, and it neither gathers nor transmits any significant information. It does not act as a tracking device. If you elect to set your browser to reject cookies, the feedback forms should still work properly (please contact the webmaster if they do not).

If you send us an e-mail or submit information through one of our online forms, we will record and retain your identity and information in an effort to contact you and follow up on your question. Your information may be shared with OCC staff members. Please be aware that although we strive to keep submitted information private, your correspondence may be subject to disclosure to third parties as required by federal and state laws.

If you have any questions about our privacy policy, or about this site in general, please contact the webmaster.

Copyright Notice

All text, images, and files on this site are the intellectual property of the Office of the Ohio Consumers' Counsel (OCC), unless otherwise noted, and are therefore protected by copyright laws. You may not copy, repost, or redistribute the information, images, or files found on this site without prior written permission from the OCC, except as noted:

  • People may download or save the material on this site for their personal noncommercial use.
  • Newspapers and other news publications and sites may reprint any individual press releases that appear in the News section of this site as long as proper attribution is made to the OCC.
  • Subscribers to the OCC-Information e-mail list may freely forward the content of our e-mails to others, provided they send them with original e-mail headers and subscription information intact.

We at the OCC want the information on our site to be as freely available to the public as possible while protecting our copyright. In general, we will allow noncommercial sites and publications to reprint materials found on this site, provided that they notify us in advance and obtain our written permission.

To obtain reprinting or reposting permission, please contact OCC, by phone at 1-877-742-5622, email at occ@occ.ohio.gov or by mail at 65 East State Street, Suite 700, Columbus, Ohio 43215-4213. If we grant permission to use content from our site, you must clearly note that the materials were obtained from the OCC and provide a link to the site (or, in the case of hard copy publications, our toll-free number and our URL).


Policy on Confidential Personal Information (CPI)

Purpose

The following document outlines the OCC policy for proper access of confidential personal information in accordance with section 1347.15 of the Revised Code for the Online Service Tracking System (OLSTS), the database used by the Public Affairs and Analytical Departments and others and Worldox Document Management Systems, and any other system created in addition to or to supersede, operated and maintained by the Ohio Consumers’ Counsel (OCC). This policy is in accordance with the Ohio Consumers’ Counsel Policy on Accessing Confidential Personal Information (CPI).

Definitions

For the purposes of administrative rules promulgated in accordance with section 1347.15 of the Revised Code, the following definitions apply:

(A)    “Access” as a noun means an instance of copying, viewing, or otherwise perceiving whereas “access” as a verb means to copy, view, or otherwise perceive.

(B)    “Acquisition of a new computer system” means the purchase of a “computer system,” as defined in this rule, that is not a computer system currently in place nor one for which the acquisition process has been initiated as of the effective date of the agency rule addressing requirements in section
1347.15 of the Revised Code.

(C)    “Computer system” means a "system," as defined by section 1347.01 of the Revised Code, that stores, maintains, or retrieves personal information using electronic data processing equipment.

(D)    “Confidential personal information” (CPI) has the meaning as defined by division (A) (1) of section 1347.15 of the Revised Code and identified by rules promulgated by the agency in accordance with division (B) (3) of section 1347.15 of the Revised Code that reference the federal or state statutes or administrative rules that make personal information maintained by the agency confidential.

(E)    “Employee of the state agency” means each employee of a state agency regardless of whether he/she holds an elected or appointed office or position within the state agency. “Employee of the state agency” is limited to the specific employing state agency.

(F)    “Incidental contact” means contact with the information that is secondary or tangential to the primary purpose of the activity that resulted in the contact.

(G)    “Individual” means a natural person or the natural person’s authorized representative, legal counsel, legal custodian, or legal guardian.

(H)    “Information owner” means the individual appointed in accordance with division (A) of section
1347.05 of the Revised Code to be directly responsible for a system.

(I)    “Person” means a natural person.

(J)    “Personal information” has the same meaning as defined in division (E) of section 1347.01 of the Revised Code.

(K)    “Personal information system” means a “system” that “maintains” “personal information” as those terms are defined in section 1347.01 of the Revised Code. “System” includes manual and computer systems.

(L)    “Research” means a methodical investigation into a subject.

(M)    “Routine” means commonplace, regular, habitual, or ordinary.

(N)    “Routine information that is maintained for the purpose of internal office administration, the use of which would not adversely affect a person” as that phrase is used in division (F) of section 1347.01 of the Revised Code means personal information relating to employees and maintained by the agency for internal administrative and human resource purposes.

(O)    “System” has the same meaning as defined by division (F) of section 1347.01 of the Revised Code.

(P)    "Upgrade" means a substantial redesign of an existing computer system for the purpose of providing a substantial amount of new application functionality, or application modifications that would involve substantial administrative or fiscal resources to implement, but would not include maintenance, minor updates and patches, or modifications that entail a limited addition of functionality due to changes in business or legal requirements.

Valid Reasons to access CPI

In accordance with ORC 1347, performing the following functions constitutes valid reasons for authorized employees of the agency to access confidential personal information:

  • Responding to a public records request;
  • Responding to a request from an individual for the list of CPI the agency maintains on that individual;
  • Administering a constitutional provision or duty;
  • Administering a statutory provision or duty;
  • Administering an administrative rule provision or duty;
  • Complying with any state or federal program requirements;
  • Processing or payment of claims or otherwise administering a program with individual participants or beneficiaries;
  • Auditing purposes;
  • Licensure [or permit, eligibility, filing, etc.] processes;
  • Investigation or law enforcement purposes;
  • Administrative hearings;
  • Litigation, complying with an order of the court, or subpoena;
  • Human resource matters (e.g., hiring, promotion, demotion, discharge, salary/compensation issues, leave requests/issues, time card approvals/issues);
  • Complying with an executive order or policy;
  • Complying with an agency policy or a state administrative policy issued by the department of administrative services, the office of budget and management or other similar state agency; or
  • Complying with a collective bargaining agreement provision.

To the extent that the general processes described above do not cover the following circumstances, for the purpose of carrying out specific duties of the Ohio Consumers’

Counsel, authorized employees would also have valid reasons for accessing CPI in these following circumstances:

  1. Operations Department employees, the Consumers’ Counsel, Deputy Consumers’ Counsel, and the Operations Director may review CPI of individuals who are subject to investigation for alleged misconduct that may result in discipline or counseling. Such persons authorized to review may also review CPI of individuals who are not the subject of an investigation, but who otherwise may be witnesses or have information related to the investigation.
  2. Authorized employees of the agency, which includes the Consumers’ Counsel, the Deputy Consumers’ Counsel, Operations Director and other authorized managers may review CPI of consumers for the purpose of developing trends (documenting certain complaints), or gathering information to be used in legal matters/testimony as that information may apply to the representation of residential utility consumers in Ohio.

Individual’s Request for Confidential Personal Information

Upon the signed written request of any individual for a list of confidential personal information about the individual maintained by the agency, the agency shall do all of the following:

  • Verify the identity of the individual by a method that provides safeguards commensurate with the risk associated with the confidential personal information;
  • Provide to the individual the list of confidential personal information that does not relate to an investigation about the individual or is otherwise not excluded from the scope of Chapter 1347. of the Revised Code; and
  • If all information relates to an investigation about that individual, inform the individual that the agency has no confidential personal information about the individual that is responsive to the individual’s request.

Invalid Access

In the event of an invalid access, the Operations Director shall be made immediately aware of the specifics of the invalid access including all information compromised, dates and method of access, and responsible person(s) accessing the information. The Operations Director will notify all affected parties of the compromise of CPI as soon as possible without compromising any investigation as detailed in the Ohio Consumers’ Counsel Policy on Accessing Confidential Personal Information (CPI).

System Requirements

All access to systems containing CPI will require the use of a password. This includes systems other than those unique to OCC, such as OAKS and any other systems maintained by DAS or OBM. The Network Administrator will issue and maintain password access. Authorization for passwords may be granted by the Consumers’ Counsel, Deputy Consumers’ Counsel, and the Operations Director and other authorized managers.  In the event of termination, these passwords and all access will be immediately revoked.

 

Logging

Access to CPI will be logged and include the following information at a minimum. The date and time of access, identification of the accessing party and identification of the CPI accessed. This information will be retained in accordance with the retention policy of the agency. This log will be electronic in nature and maintained by the Network Engineer and/or Network Administrator.