Security and Privacy for Businesses

Many of the following links are to "foreign" web sites, which are not part of our site and not under our control. Clicking on any of these links will open the selected item in a new browser tab or window (if your browser allows).

After visiting the linked item, you can return here at any time by closing the new browser tab or window that was created when you clicked the link. (If your browser settings do not allow us to create a new tab/window, you will have to use the "back arrow" to return here.)

Data Breach Notification & Response

Data Breach Notification Laws - The legal requirements for reporting and responding to data breaches vary by state. This link will take you to the National Conference of State Legislatures, which has links to the relevant legislation for each state.

DHS Privacy Incident Handling Guidance - The Department of Homeland Security provides guidance to help you plan your response to an incident. This document can assist you in establishing policies and procedures for handling a breach in accordance with legal requirements.

Office of Management and Budget Recommendations for Identity Theft Related Data Breach Notification (.pdf) 

Data Disposal Laws - Laws relevant to disposal of any data containing "private" or "sensitive" information. This applies to any paper, electronic, photographic, or other media that contains private data.

Medical Privacy

Health Information Technology for Economic and Clinical Health (HITECH) Act - Rules and regulations regarding the storage, transmission, and dissemination of medical information.

Health Insurance Portability and Accountability Act of 1996 (HIPAA) - Rules and regulations pertaining to the protection and handling of private health information, including disclosure requirements for breaches. Establishes standards for the privacy of individually identifiable health information.

Health Privacy Project (Georgetown University Center for Democracy and Technology) - Considerations for privacy of health data.

HIPAA Basics: Medical Privacy (Privacy Rights Clearinghouse) - Consumer-oriented considerations for health-related privacy issues.

Financial Privacy

Financial Privacy Resources (Privacy Rights Clearinghouse)

Gramm-Leach-Bliley Act Privacy Rule - The Gramm-Leach-Bliley Act requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.

Paying by Credit Card or Check: What Can Merchants Ask? - Know your rights! There are rules regarding what personal data companies are allowed to collect at the point of sale.

Marketing (Unwanted Communications)

Anti-Phishing Working Group - Industry, law enforcement, and government coalition focused on unifying the global response to cyber crime through development of data resources, data standards and model response systems and protocols for private and public sectors.

CAN-SPAM Act - a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.

Unsolicited Commercial Email Legislation - State Laws Relating to Unsolicited Commercial or Bulk E-mail (SPAM)

Coalition Against Unwanted Commercial E-Mail - CAUCE provides information and resources for defending the interests of all users in the areas of privacy and abuse in all its forms on the Internet.

Direct Marketing Association Telephone, Mail & E-Mail Preference Services - Opt out of unwanted marketing by telephone, mail, or email.

National Do-Not-Call Registry - Add your telephone numbers to the "do not call" list to avoid unwanted marketing cold calls.

Privacy Impact Assessment Information

Department of Homeland Security PIA - A Privacy Impact Assessment (PIA) is a decision tool used by DHS to identify and mitigate privacy risks.

Basics of the Privacy Impact Assessment (ppt) - (Dept. of the Interior)

Privacy Impact Assessment Handbook (Information Commissioner's Office - UK)

Privacy Impact Assessment Template (Word) - (Dept. of the Interior)

Federal E-Government Act of 2002 - (Office of Management and Budget) Privacy protections that apply when Americans interact with their government.

Census Bureau PIA

Securities and Exchange Commission PIA & template documents - Evaluate privacy risks and develop mitigation strategies consistent with the requirements of the Privacy Act of 1974, as amended, the E-Government Act of 2002, and other Federal privacy laws, regulations, standards, and guidance.

Department of Veterans Affairs PIA Handbook - Procedures for conducting Privacy Impact Assessments (PIAs); implements the policies pertaining to PIAs that are set forth in Department of Veterans Affairs (VA) Directive 6502, VA Enterprise Privacy Program.

Information Sharing and Analysis Centers (ISACs)

Electricity Sector - Serves as the primary security communications channel for the electricity sector and enhances the ability of the sector to prepare for and respond to cyber and physical threats, vulnerabilities, and incidents.

Emergency Management and Response - Supports emergency responder health and safety and helps fire departments prepare for and respond to fire, natural disasters, non-fire emergencies, and other threats and vulnerabilities.

Financial Services - Forum for collaboration on critical security threats facing the global financial services sector.

Multi-State - Focal point for cyber threat prevention, protection, response, and recovery for the nation's state, local, tribal, and territorial (SLTT) governments.

Real Estate - Public-private partnership between the U.S. real estate industry and the federal government to counter terrorism and protect buildings and the people who occupy them.

Surface Transportation - Provides a trusted electronic channel for members to exchange and share information on cyber, physical, and all other threats in order to defend critical infrastructure.

Telecommunications - Monitors national and international incidents and events that may impact emergency communications. Incidents include not only acts of terrorism but also natural events such as tornadoes, floods, hurricanes, and earthquakes. In cases of emergency, NCC Watch leads emergency communications response and recovery efforts.

Water - Informs drinking water and wastewater utility managers about potential risks to the nation's water infrastructure from contamination, terrorism, and cyber threats, and provides information to help utilities respond to and recover from all hazards.

National Council of ISACs - Members of the National Council of ISACs

Privacy and Security Basics

Data Classification Guidance (Educause)

Privacy Manager's Resource Center (Better Business Bureau)

Protecting Personal Information: A Guide for Business (FTC)

Fair Information Practice Principles (FTC)

Privacy Statement Generator (OECD) - Online educational tool that provides guidance on conducting an internal review of existing personal data practices and on developing a privacy policy statement.

Privacy & Personal Information Basics (Procter & Gamble)

Data Protection Technical Guidance: Determining what is personal data (ICO - UK)

Key Components of Information Security (secureflorida.org)