The Information Privacy and Security Council (IPSC), administratively attached to the Department of Accounting and General Services, was established by Act 10, SSLH 2008, as codified into law under HRS §487N-5, to develop guidelines to be considered by government agencies in deciding whether, how, and when a government agency shall inform affected individuals of the loss, disclosure, or security breach of personal information that can contribute to identify theft. The guidelines provide a standardized, risk-based notification process in the instance of a security breach.
The IPSC also reviews the Personal Information (PI) System Annual Reports submitted by state and county government agencies, pursuant to HRS §487N-7, and submits an annual summary report to the Legislature with the IPSC’s findings, significant trends, and recommendations to protect personal information used by government agencies.
State and county agencies’ PI System Annual Reports are due to the IPSC by Sept. 30 each year.