Protecting consumer data is important—but the United States federal government does not have a nationwide federal data privacy protection law in place. States are free to create their own privacy protection laws. Ohio is one of the latest states to attempt passage of its own law. The Ohio Personal Privacy Act (OPPA) was introduced into the state legislature in July 2021. If passed, entities doing business in Ohio could be subject to the new rules—and will benefit from an Ohio privacy policy generator that ensures their documents are created in compliance with state law.
Keeping up with myriad state and federal data privacy laws can be overwhelming and expensive. Fortunately, an Ohio privacy policy generator helps cut down on the cost and effort it takes to stay in compliance.
SixFifty has created state-specific privacy tools to generate a privacy policy for Ohio. Read on to learn more about the Ohio Personal Privacy Act and how our tools will make it easy to stay compliant.
Who will be affected by Ohio data privacy laws?
If the OPPA is signed into law, it will apply to businesses that conduct business in Ohio or produce products and services targeted to Ohio residents, and that:
- Have an annual gross revenue in Ohio exceeding $25 million;
- Control or process the personal data of 100,000 or more residents during a calendar year; or
- Derive over 50 percent of their gross revenue from the sale of personal data, and process or control the personal data of 25,000 or more Ohio residents during a calendar year.
OPPA would not apply to government agencies, business-to-business (B2B) transactions, higher education institutions, financial institutions governed by the federal Graham-Leach-Bliley Act, or a covered entity or business associate governed by HIPAA.
What’s the difference between privacy policies and privacy notices?
You might wonder why you need two separate documents. They both serve different purposes. A privacy notice is a public document that you post for consumers to see. It outlines your personal information gathering practices, and tells consumers what you do with their data. A privacy policy is an internal document that your employees follow. It tells them how they should handle consumers’ personal information.
Ohio privacy laws
OPPA offers the following consumer protections:
- Right to know: Consumers have the right to know what kind of personal data a business is collecting about them, as well as their data security and privacy practices.
- Right to access: Consumers have the right to access their personal data, including where the business is selling data to third parties.
- Right to deletion: A consumer may also request that a business delete the personal data collected for commercial purposes. There are certain exemptions if the data is necessary to retain.
- Right to opt out: Consumers can opt out of the sale of their personal data.
- Right to non-discrimination: Consumers cannot be targeted for exercising their rights under the OPPA.
The OPPA does not offer a private right of action, including class actions. The Ohio attorney general retains the exclusive right to investigation and enforces the act’s provisions. Businesses have a 30-day opportunity to cure any violations before they can be held liable. However, affected residents may be awarded between $100 and $750 per violation—and the award can be tripled if the violation was willfully or knowingly committed.
There’s also a safe harbor provision. Businesses who adopt a privacy policy which reasonably follows the National Institute of Standards and Technology Privacy Framework has an affirmative defense against liability.
Is there an Ohio privacy policy template?
A one-size-fits-all Ohio privacy policy template might sound convenient, but they rarely address every applicable state law and scenario. SixFifty has developed an OH website privacy policy generator, so you can stay on top of data privacy compliance. Rather than have your legal team draft the documents and monitor changes to the law, or rack up billable hours with outside counsel, our tools do the hard work for you.
You can quickly create custom Ohio privacy notices and privacy policies with our privacy tools. We’ll also monitor changes to the law for you: you’ll receive notifications whenever there’s been an update. As soon as the law changes, we update our tools and let you know it’s time to regenerate your privacy documents.
Our software pairs technology with legal expertise to quickly and easily deliver compliant Ohio privacy policies and notices. Simply answer a series of questions, download the generated documents, and have your lawyer review. It’s the easiest way to stay compliant, save time, and keep legal costs low.
Generate a privacy policy for Ohio with SixFifty
If your company does business in Ohio and qualifies under OPPA’s thresholds, you’ll be affected if it’s signed into law. You need a compliant, state-specific privacy policy and notice. Let SixFifty do the heavy lifting for you with our Ohio privacy policy generator. Reach out today to schedule a demo, or learn more about our privacy tools!