How would Ohio’s Personal Privacy Act benefit you?

Woman with smartphone sitting

What privacy rights do Ohioans have related to the personal data businesses hold about them?  A new proposed Ohio law - Ohio’s Personal Privacy Act (OPPA) - intends to answer that question.  

The State of Ohio is taking exciting steps to require certain businesses to uphold consumer privacy rights and protect consumer privacy.  InnovateOhio led a working group to draft Ohio’s first privacy law. As the Ohio State University’s chief privacy officer, I played a key role in drafting the bill that will be introduced to the Ohio legislature later this month. 

The proposed law applies to companies that meet certain requirements such as having $25 million in gross revenue and handling personal data of 100,000 or more consumers.  The law describes a consumer’s privacy rights related to the personal data companies hold about them such as the right to: (1) access their own data; (2) correct inaccurate personal data; (3) delete personal data; (3) opt-out of the sale of their personal data; and (4) the right to complain to the Ohio Attorney General’s office. 

While there is no private right of action in the proposed law, the Ohio Attorney General has the authority to enforce the law.  Companies may use their compliance efforts to defend against enforcement actions if they take steps to reasonably comply with the National Institute of Standards and Technology’s Privacy Framework (NIST-P). 

The Ohio State Privacy Program is focused on developing a privacy program that follows privacy principles that you will find in the Ohio law and NIST-P.  To learn more about Ohio State’s privacy principles or Ohio State’s Privacy Program visit