USA - Ohio
a privacy policy. Moreover, if Ohio enacts OPPA, it will join an expanding group of other U.S. states in providing residents with specific rights pertaining to their personal data, such as the rights to request a copy, correction, or deletion of their personal data. Meanwhile, through Ohio’s DPA, Ohio has already joined other U.S. jurisdictions in setting forth parameters for cybersecurity programs. That said, Ohio has taken the unique approach through its DPA of framing the cybersecurity program as an incentive-based eligibility criteria for an affirmative defense as opposed to a requirement enforced through punitive measures. 5.1. OPPA Privacy Policy Requirement Under OPPA, businesses would be required to provide consumers notice about the personal data that it processes about the consumer. Notice would be in the form of a conspicuously posted privacy policy that would identify: the categories of personal data processed by the business; the purposes of processing for each category of personal data; the categories of sources from which the personal data is collected; the categories of processors with whom the business discloses personal data; the data retention practices and the purposes for retention; ·how individuals can exercise their rights under OPPA;
how the business will notify consumers of material changes to its privacy policies; the categories of any third parties to whom the business sells personal data (if any); and · the identities of any affiliates to which personal data may be transferred[1] 5.2. New Consumer Rights Under OPPA If enacted, OPPA would provide consumers specific rights with respect to the processing and [1] Id.
https://www.mcdonaldhopkins.com/
Made with FlippingBook - PDF hosting