Answer:

Most states have enacted legislation that provides specific notification requirements related to security breaches involving personal information. However, it is important to note that not every incident triggers notification requirements. If you determine that information has been compromised, you need to be prepared with an action plan to minimize damages and your exposure to legal actions.

The United States does not have a comprehensive federal breach notification system or set of requirements. In general, legal requirements flow from certain federal regulations and several varying state regulations. Due to this structure and the dynamic nature of information and the internet, your notification systems and processes need to be able to meet the requirements of state regulations that may be stricter than those of the state in which you are located, and should account for the requirements of certain states that conflict with other regulatory obligations. Whether you operate locally, regionally, nationally, or globally, your data breach plan and notification mechanisms need to be designed to enable you to comply with your varying legal and contractual obligations.

Understanding your organization’s legal and contractual obligations is the first step toward preparing actionable checklists and other tools that will provide your team meaningful guidance in the event an incident occurs.

In Ohio, the law regulating the disclosure of a security breach of personal information is codified in Ohio Revised Code 1349.19. 

General Data Protection Regulation (GDPR)

The EU has new laws regarding data protection. 

How Safe Is Your Data?

David Wilson presented to Columbus’s Capital Crossroads SID’s Information Security + Big Data Forum on the obligations companies have concerning data.

Privacy, Security + Risk Panel Discussion

David Wilson joined a panel of privacy industry experts to talk about a company’s legal and contractual obligations concerning data privacy and security.
