Wash. Admin. Code § 308-10A-100 - Definitions

For the purposes of RCW 46.22.010, the following definitions apply:

(1) "Access period" is a duration of time under the term of this agreement when recipient is granted access and use of protected personal information.

(2) "Agent" means a representative, or representatives, of a requestor that is under contract with the recipient or subrecipient to request driving or vehicle records on the requestor's behalf. "Agent" includes insurance pools established under RCW 48.62.031 of which the authorized recipient is a member.

(3) "Attorney," for the purposes of RCW 46.12.630 and 46.12.635, means an attorney functioning in a legal capacity when obtaining or using vehicle or vessel owner information from a recipient or subrecipient.

(4) "Authorized legal representative" means someone legally authorized under federal or state law to make decisions for the individual. An authorized legal representative is someone who:

(a) Can provide documentation that they have power of attorney; legal guardianship or conservatorship for the individual; executor, etc.; or

(b) Is a custodial parent of an individual who is under the age of 18.

(5) "Authorized use" means a permissible use granted to a recipient in a fully executed data sharing agreement with the department.

(6) "Bona fide research organization" means an entity, such as a university, that conducts noncommercial research using established scientific methods. There must be an intention to publish the research findings for wider scientific and public benefit, without restrictions or delay. Bona fide research organizations do not use protected personal information for commercial purposes.

(7) "Course of business" or other similar term means activities that are performed within the ordinary and necessary operations of the business and that pertain to the use of protected personal information as authorized by the recipient's data sharing agreement with the department.

(8) "Customers" means those entities that the recipient is providing services to using protected personal information but is not receiving protected personal information from the recipient. "Customers" does not include those entities receiving statistical reports that do not include protected personal information.

(9) "Data" means digital information contained in the department's electronic systems that may be disclosed to a recipient under state or federal law.

(10) "Data sharing agreement" means the written agreement between the department and recipient, or the recipient and subrecipient, that defines the terms and conditions which must be followed in order for the recipient or subrecipient to receive data originating from the department.

(11) "Governmental entity" means a federal agency, a state agency, board, commission, unit of local government, or quasi-governmental entity.

(12) "Independent third party" means any entity other than a member of the recipient or any of its stockholders, or any entity controlled by or under common control with any of the stockholders or the company group.

(13) "Individual registered or legal vehicle or vessel owner" or "individual vehicle or vessel owner" means a single vehicle or vessel owner, for the purposes of RCW 46.12.630.

(14) "List" means multiple records containing protected personal information, regardless of the method recipient uses to request or obtain records.

(15) "Misuse" means the access, disclosure, or use of protected personal information without the express, written authorization from the department in a data sharing agreement. "Misuse" also includes a violation of any privacy and security requirement outlined in a data sharing agreement.

(16) "Offshoring" means the electronic or hard copy transmission, accessing, viewing, capturing images, storage, or processing of protected personal information outside the United States.

(17) "Permissible use" means authorized or required uses as outlined in federal or state law.

(18) "Private investigator," for the purposes of RCW 46.12.630 and 46.12.635, has the same meaning as RCW 18.165.010(11), or as licensed by other authority.

(19) "Protected personal information" means collectively personal information and identity information originating from the department, as defined by RCW 46.04.209, 19.255.005, 42.56.590, and 18 U.S.C. Sec. 2725(3)-(4).

(20) "Recipient" means an entity with a permissible use who is directly receiving data from the department through a data sharing agreement.

(21) "Requestor" means an entity with an authorized permissible use to receive protected personal information from the department. A requestor may be an agent, subrecipient, or a recipient.

(22) "Regulatory bodies," for the purposes of RCW 46.52.130, means a body established by federal or state law and is responsible for regulating compliance with adopted rules or laws.

(23) "Statement of compliance" means an annual statement signed by an executive of an organization.

(24) "Subrecipient" means any entity outside a recipient's immediate organization that receives or has access to protected personal information including, but not limited to, subsidiaries, subcontractors, requestors, or agents.

Notes

Wash. Admin. Code § 308-10A-100

Adopted by WSR 23-19-010, Filed 9/7/2023, effective 10/8/2023