What is a Data Breach?

The term breach has different legal definitions based on state law. Some states have breach notification laws, and Ohio is one of them. The Ohio Revised Code (ORC) 13449.19 “Private Disclosure of Security Breach of Computerized Personal Information Data” defines what a breach is and what must be done in Ohio if a breach occurs. If you are doing business in other states, you must understand each state’s laws and comply with them. It gets even trickier if you have information for individuals in foreign countries.

From the ORC: “Breach of the security of the system” means unauthorized access to and acquisition of computerized data that compromises the security or confidentiality of personal information owned or licensed by a person and that causes, reasonably is believed to have caused, or reasonably is believed will cause a material risk of identity theft or other fraud to the person or property of a resident of this state. It is interesting to note that it specifies computerized data and does not include paper records.

You also need to clearly understand the industry or regulatory requirements that you must meet. If you are in the medical industry, you need to be compliant with HIPAA; in banking, GLBA; in finance, FINRA; in energy or power generation, NERC; and the list goes on.

Posted by Jack Gerbs