Who will be affected by Ohio data privacy laws?
If the OPPA is signed into law, it will apply to businesses that conduct business in Ohio or produce products and services targeted to Ohio residents, and that:
- Have an annual gross revenue in Ohio exceeding $25 million;
- Control or process the personal data of 100,000 or more residents during a calendar year; or
- Derive over 50 percent of their gross revenue from the sale of personal data, and process or control the personal data of 25,000 or more Ohio residents during a calendar year.
OPPA would not apply to government agencies, business-to-business (B2B) transactions, higher education institutions, financial institutions governed by the federal Graham-Leach-Bliley Act, or a covered entity or business associate governed by HIPAA.
What’s the difference between privacy policies and privacy notices?
Ohio privacy laws
OPPA offers the following consumer protections:
- Right to know: Consumers have the right to know what kind of personal data a business is collecting about them, as well as their data security and privacy practices.
- Right to access: Consumers have the right to access their personal data, including where the business is selling data to third parties.
- Right to deletion: A consumer may also request that a business delete the personal data collected for commercial purposes. There are certain exemptions if the data is necessary to retain.
- Right to opt out: Consumers can opt out of the sale of their personal data.
- Right to non-discrimination: Consumers cannot be targeted for exercising their rights under the OPPA.
The OPPA does not offer a private right of action, including class actions. The Ohio attorney general retains the exclusive right to investigation and enforces the act’s provisions. Businesses have a 30-day opportunity to cure any violations before they can be held liable. However, affected residents may be awarded between $100 and $750 per violation—and the award can be tripled if the violation was willfully or knowingly committed.
You can quickly create custom Ohio privacy notices and privacy policies with our privacy tools. We’ll also monitor changes to the law for you: you’ll receive notifications whenever there’s been an update. As soon as the law changes, we update our tools and let you know it’s time to regenerate your privacy documents.
Our software pairs technology with legal expertise to quickly and easily deliver compliant Ohio privacy policies and notices. Simply answer a series of questions, download the generated documents, and have your lawyer review. It’s the easiest way to stay compliant, save time, and keep legal costs low.