Why This Privacy Law is Important:
The Ohio Personal Privacy Act generally resembles the privacy laws enacted in California, Virginia, and Colorado, but it more closely aligns with the Virginia CDPA in regards to structure, approach, and language. The Ohio Privacy Act also contains a notable deviation from privacy laws enacted in other states: Businesses can utilize an affirmative defense from an enforcement action by the Ohio Attorney General or a lawsuit filed by a consumer if the business creates, maintains, and complies with a written privacy program that reasonably conforms to the National Institute of Standards and Technology privacy framework.
Overview:
On July 13, 2021, Ohio Lieutenant Governor John Husted announced the introduction of the Ohio Personal Privacy Act (OPPA), a comprehensive privacy framework following in the footsteps of recent legislative enactments in California (the CCPA as modified by the CPRA), Virginia (the CDPA), and Colorado (the Colorado Privacy Act).
Who It Applies To:
The OPPA applies to organizations that conduct business in Ohio, or produce products or services targeted to consumers in Ohio, and either:
- Has annual gross revenues generated in Ohio that exceed $25 million;
- During a calendar year, the business controls or processes personal data of 100,000 or more Ohio consumers;
- During a calendar year, the business derives over 50 percent of its gross revenue from the sale of personal data and processes or controls personal data of 25,000 or more Ohio consumers.
Download the Privacy Alert to the right to get the full text and expert analysis!
Download the Resource