March 22, 2006
Ohio passes Disclosure Law
On February 17, 2006, the Ohio Legislature passed a HB 104 which requires entities such as Case to contact individuals if computerized Personal Information about them is improperly disclosed.
This means that the Case must contact affected individuals, if any computerized Personal Information is accessed in an unauthorized manner (e.g. lost laptop, hacking, insider misuse, inadvertent disclosure, etc.) and it is believed a material risk of identity theft is evident.
The Case community is advised that if they encounter a security incident involving Personal Information, they must contact the Help Desk and advise them of the situation. Any necessary response will be implemented the ITS Information Security Incident Response capability. If you have any additional questions about a possible disclosure, contact firstname.lastname@example.org.
Definitions from HB 104-
Personal Information is any combination of an individual's name and:
- social security number
- driver's license number or state identification number
- account number or credit card number or debit card number, in combination with any of the following items that would permit access to the individual's financial account
- required security code
- access code
The University takes all reasonable measures to prevent any breach of security that would result in disclosure of personal information, but advises all University users of IT resources to be aware of the need to protect such information while it is in their custody. Should any user become aware that personal information has been associated with any security breach, they must notifiy Case ITS immediately by contacting the Case Help Desk.
Posted by Thomas Siu at 01:36 PM