OHIO ENACTS LAW TO REQUIRE NOTICE OF SECURITY BREACHES

In reaction to well publicized breaches of customer financial information, Ohio has enacted a law that requires government agencies or any person, including a business entity that does business in Ohio, to contact individuals residing in Ohio if unencrypted or unredacted personal information about those individuals that is included in computerized data is accessed and acquired by unauthorized persons and results in or reasonably is believed will create a material risk of identity fraud or other fraud to the individual. The law takes effect February 17, 2006 and will be enforced by the Ohio Attorney General. In enacting this law Ohio joins Arkansas, California, Connecticut, Delaware, Florida, Georgia, Illinois, Louisiana, Maine, Minnesota, Montana, New York, New Jersey, Nevada, North Carolina, North Dakota, Rhode Island, Tennessee, Texas and Washington, all of which have enacted similar legislation. These laws are contained in the Firm’s Marketing and Privacy Digest.

Darrell Dreher and Elizabeth Anstaett