HB 565 Summary

• Requires state agencies and political subdivisions that own or license computerized data containing personal information to disclose any security breaches to affected Ohio residents within 45 days of discovery.

• Requires persons (including business entities) that own or license computerized data to disclose security breaches to affected Ohio residents within 45 days, with exceptions for financial institutions subject to federal security breach notification requirements.

• Mandates that all entities required to disclose a breach must report the breach to the Ohio Attorney General in writing or by email, including the breach date, number of people affected, and notification method used.

• Directs the Attorney General to establish and maintain a searchable, publicly accessible database containing all reported security breaches with information including breach date, number of affected persons, notification methods, and other relevant details.

• Defines "breach of security" as unauthorized access to computerized data that compromises personal information security and creates material risk of identity theft or fraud to Ohio residents.