Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.

Regulator: The Ohio Attorney General ('AG')

Summary:

Ohio does not currently have a general privacy act or provisions for a constitutional right to privacy. However, on November 29, 2023, House Bill No. 345 to enact the Ohio Personal Privacy Act was introduced to the Ohio House of Representatives. Subsequently, on December 6, 2023, the bill was referred to the Government Oversight Committee for further consideration. The proposed legislation outlines both controller and processor obligations, delineates consumer rights, including protections against the sale of their personal data, and defines exemptions from the bill's provisions. The bill has not yet been enacted.

Pending the enactment of the bill, Ohio residents are relying on privacy rights established by Ohio case law, emphasizing an individual's entitlement to be left alone, free from unwarranted publicity, and to live without undue interference by the public in matters not necessarily of public concern. Additionally, sector-specific statutory regulations offer protections concerning health, financial, and employment data.

Furthermore, Ohio has a data breach notification requirement under §1349.19 of Title 13 of the Ohio Uniform Commercial Code within the Ohio Revised Code (Ohio Revised Code). This provision requires that Ohio residents be notified if their personal information has been accessed and acquired by an unauthorized person, causing or reasonably believed to cause a material risk of identity theft or other fraud. The Ohio Attorney General (AG) is responsible for investigating breaches and initiating civil action against businesses alleged to have failed in complying with this notification requirement.

You can follow legislative developments in the US through the USA State Law Tracker.