House Bill: 104
Ohio Revenue Code Annotated: § 1349.19
Effective Date: February 17, 2006
Definition of Personal Information: An individual’s name, consisting of the individual’s first name or first initial and last name, in combination with and linked to any one or more of the following data elements, when the data elements are not encrypted, redacted, or altered by any method or technology technology in such a manner that the data elements are unreadable:
(a) Social security number;
(b) Driver’s license number or state identification card number; or
(c) Account number or credit or debit card number, in combination with and linked to any required security code, access code, or password that would permit access to an individual’s financial account.
Summary: Any person that conducts business in this state, and that owns or licenses computerized data that includes personal information, shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of the state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or any measures necessary to determine the scope of the breach and to restore the integrity of the data system.
Visit the state Web site