(1) The definitions set forth in RCW 42.56.010 and WAC 192-02-020 apply to this chapter unless the context clearly indicates otherwise.

(2) An employer's "own records" as used in RCW 50A.25.040 means records and information provided to the department by the employer or the employer's predecessor in interest.

(1) The department will manage records requests as outlined in chapter 192-02 WAC.

(2) If an individual requests records or information concerning that individual held by the department under RCW 50A.25.040, those records must be released only to the requesting individual.

(3) If an individual submits a records request and asks that the requested records be sent to a third party directly, the individual must follow the provisions of RCW 50A.25.040.

(1) If misuse or an unauthorized disclosure of records or information deemed private and confidential under chapter 50A.25 RCW occurs, each party involved in the data-sharing that is aware of the misuse or unauthorized disclosure must inform the department within two business days of the discovery of the data security breach.

(2) In addition to informing the department of the misuse or unauthorized disclosure, the party responsible for the disclosure must take all reasonably available actions to rectify the disclosure to the department's standards. In most cases, these actions will include, at a minimum:

(a) Ceasing any continued release;

(b) Informing all individual whose data may have been released improperly of the situation; and

(c) Providing identity protection mechanisms at no charge to the individuals whose data may have been released.