May 26, 2022

Volume XII, Number 146

Advertisement
Advertisement

May 26, 2022

Subscribe to Latest Legal News and Analysis

May 25, 2022

Subscribe to Latest Legal News and Analysis

May 24, 2022

Subscribe to Latest Legal News and Analysis

Breaking: Future of Ohio Privacy Bill Uncertain as Rep. Carfagna Resigns for Position with Ohio Chamber of Commerce

Today the sponsor of an Ohio privacy bill announced he was resigning to pursue a position with the Ohio Chamber of Commerce—an unexpected development.  Recall that the Ohio Personal Privacy Act (the “OPPA”) was introduced in September 2021 by Republican state Reps. Carfagna and Hall, of Butler County, with the backing of Governor DeWine and Lt. Governor Husted.  Four hearings on the bill were held in the fall, although the House Government Oversight Committee ultimately held the bill when they met on December 9, 2021.

The OPPA gives consumers certain rights pertaining to their data and creates new obligations for non-exempt businesses in Ohio.  Under the OPPA, consumers would be allowed to access their personal data and obtain a copy of certain information in a portable format.  Consumers would also have the right to request that a business delete personal data that the business has collected from the consumer for commercial purposes and that the business maintains in an electronic format.  Under the OPPA consumers would have a right to request that a business that sells personal data to third parties not sell the consumer’s personal data.  Unlike the California Consumer Privacy Act (“CCPA”), the OPPA would not provide consumers with a private right of action.  Instead, enforcement is at the discretion of the Ohio Attorney General’s Office (“OAGO”) (although consumers may file complaints with OAGO for purported violations of the OPPA).

The OPPA would apply to entities: (1) with at least $25 million in gross annual revenues in Ohio, (2) those that control or processes the personal data of 100,000 or more consumers, or (3) that over the course of a calendar year derive over fifty per cent of its gross revenue from the sale of personal data and processes or controls personal data of 25,000 or more consumers.  There are certain exceptions, including but not limited to institutions of higher education, business to business transactions, a covered entity or business associate under the Health Insurance Portability and Accountability Act, and a financial institution or an affiliate of a financial institution governed by the federal Gramm Leach-Bliley Act.  Businesses would have an affirmative defense to liability under the OPPA if they create, maintain, and comply with a written privacy program that reasonably conforms to the national institute of standards and technology (“NIST”) privacy framework.

With Rep. Carfagna’s resignation, the future of the OPPA (which has support across party lines and within the Governor’s office) is uncertain.  For more on this, stay tuned.  

© Copyright 2022 Squire Patton Boggs (US) LLPNational Law Review, Volume XII, Number 25
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...

216-479-8070
Advertisement
Advertisement
Advertisement