Support Centre



Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.

Regulator: The Ohio Attorney General ('AG')

Summary: Although the State of Ohio has neither a general privacy act nor a constitutional right to privacy, such right is provided for by Ohio case law, which refers to the right of a person to be let alone, to be free from unwarranted publicity and to live without unwarranted interference by the public in matters with which the public is not necessarily concerned. In addition, various sector-specific statutory rules provide for protections regarding  health, financial, and employment data. A requirement to notify data breaches is also provided under §1349.19 of Title 13 of the Ohio Uniform Commercial Code of the Ohio Revised Code, which provides that notification must be made to Ohio residents whose personal information was, or is reasonably believed to have been, accessed and acquired by an unauthorised person, if the access and acquisition causes or is reasonably believed will cause, a material risk of identity theft or other fraud to the resident. The AG investigates breaches and initiates civil action where a business has allegedly failed to comply with such requirement.


House Bill ('HB') 376 to enact Sections 1355.01, 1355.02, 1355.03, 1355.04, 1355.05, 1355.06, 1355.07, 1355.08, and 1355.09 of the Ohio Revised Code to enact the Ohio Personal Privacy Act was introduced to the Ohio House of Representatives, on 12 July 2021, by Representatives Rick Carfagna and Thomas Hall. If enacted the Ohio Personal Privacy Act would introduce sweeping changes to the current limited Ohio privacy legislation landscape and join states including California, Virginia, and recently Colorado in passing comprehensive data privacy state legislation.