Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.
Regulator: The Ohio Attorney General ('AG')
Summary: Although the State of Ohio has neither a general privacy act nor a constitutional right to privacy, such right is provided for by Ohio case law, which refers to the right of a person to be let alone, to be free from unwarranted publicity and to live without unwarranted interference by the public in matters with which the public is not necessarily concerned. In addition, various sector-specific statutory rules provide for protections regarding health, financial, and employment data. A requirement to notify data breaches is also provided under §1349.19 of Title 13 of the Ohio Uniform Commercial Code of the Ohio Revised Code, which provides that notification must be made to Ohio residents whose personal information was, or is reasonably believed to have been, accessed and acquired by an unauthorised person, if the access and acquisition causes or is reasonably believed will cause, a material risk of identity theft or other fraud to the resident. The AG investigates breaches and initiates civil action where a business has allegedly failed to comply with such requirement.