Ask Reggi Your Question Now
Can you summarize OHRC Section 1349.19?
Consumer Protection > Private disclosure of security breach of computerized personal information data.
Short Summary
This legal document governs the private disclosure of security breaches involving computerized personal information data. It applies to any person who owns or licenses computerized data containing personal information, as well as any person who is the custodian or stores such data. The document exempts financial institutions, trust companies, credit unions, and their affiliates that are required by federal law to notify customers of information security breaches, as well as covered entities as defined in 45 C.F.R. 160.103. The document does not specify penalties for non-compliance. Its purpose is to ensure that individuals whose personal information has been accessed and acquired by unauthorized persons are promptly notified, thereby mitigating the risk of identity theft or other fraud.
Whom does it apply to?
Any person that owns or licenses computerized data that includes personal information, and any person that is the custodian of or stores computerized data that includes personal information
What does it govern?
Private disclosure of security breach of computerized personal information data
What are exemptions?
Financial institutions, trust companies, credit unions, and their affiliates that are required by federal law to notify customers of an information security breach, and covered entities as defined in 45 C.F.R. 160.103
What are the Penalties?
Not specified
Jurisdiction
Ohio