Ohio
Privacy Law Status
Comprehensive Privacy Law
Ohio does not currently have a comprehensive data privacy law in effect[1]. Unlike states such as California, Virginia, and Colorado, Ohio residents do not yet have statutory rights to access, delete, or control the sale of their personal data by businesses. The state has attempted to pass privacy legislation but no comprehensive law has been enacted as of 2025.
Legislative Activity
Ohio House Bill 345, known as the Ohio Personal Privacy Act, was introduced in November 2023 but died in committee when the 135th General Assembly concluded[2][3]. This bill would have established comprehensive data privacy rights for Ohio residents and requirements for businesses. A previous attempt, House Bill 376, was introduced in 2021 but failed to pass[1][4]. The bill followed similar frameworks established by other states like Colorado and Virginia.
Implementation Timeline
If House Bill 345 had passed, it would have taken effect one year after enactment[5]. However, since the bill died in committee, there is no definitive timeline for when Ohio residents might gain comprehensive data privacy rights. Any new legislation would require reintroduction in the current General Assembly.
Your Rights as an Ohio Resident
Currently, Ohio residents do not have comprehensive statutory data privacy rights. If House Bill 345 had become law, residents would have gained the following protections:
- Right to know what data is collected – You could have requested information about what personal data a business has collected about you and how it’s being used
- Right to delete personal information – You could have requested that businesses delete personal data they have collected from you
- Right to opt out of data sales – You could have told businesses not to sell your personal data to third parties
- Right to correct inaccurate data – You could have requested corrections to inaccuracies in your personal information held by businesses
- Right to non-discrimination – Businesses could not have discriminated against you for exercising any of these privacy rights
Until comprehensive privacy legislation passes, Ohio residents must rely on federal laws like HIPAA for health information, existing consumer protection laws, and individual company privacy policies for data protection.
Business Requirements
Under the proposed Ohio Personal Privacy Act (HB 345), businesses would have faced several compliance obligations:
- Coverage thresholds – The law would have applied to businesses with annual gross revenues exceeding $25 million in Ohio, OR those controlling/processing personal data of 100,000+ consumers, OR those deriving over 50% of revenue from data sales while processing data of 25,000+ consumers[5][6]
- Privacy policy requirements – Covered businesses would have needed to establish, maintain, and make available privacy policies describing how they collect, use, and sell consumer personal data[7][6]
- Consumer request procedures – Companies would have needed to respond to verified consumer rights requests within 45 days, with a possible 45-day extension if necessary[5]
- Data protection assessments – Businesses would have needed to conduct and document assessments for processing activities that pose heightened privacy risks, such as targeted advertising or data sales[5]
- Security safeguards – Implementation of reasonable security measures to protect personal data would have been required
Practical Impact
- Limited current protection – Without comprehensive privacy legislation, Ohio residents have minimal control over how businesses collect, use, and sell their personal data compared to residents of states with privacy laws
- Consumer complaint process – Currently, residents can file complaints with the Ohio Attorney General’s Consumer Protection Section for unfair business practices, but this doesn’t address most data privacy concerns[8][9]
- Enforcement limitations – If HB 345 had passed, only the Ohio Attorney General could have enforced violations; residents would not have had the right to sue companies directly for privacy violations[5][7][6]
- Safe harbor provisions – Ohio’s existing Data Protection Act provides legal protections for businesses that follow cybersecurity frameworks, but this doesn’t grant consumer privacy rights[10]
Comparison Context
- Behind other states – As of 2024, comprehensive state privacy laws are in effect in California, Colorado, Connecticut, Florida, Oregon, Texas, Utah, and Virginia, with additional states like Delaware, Iowa, Montana, Nebraska, New Hampshire, and New Jersey having laws taking effect by early 2025[11]
- Missing key protections – Ohio residents lack the data portability rights, sensitive data protections, and universal opt-out mechanisms available in leading privacy states like California
- Potential business-friendly approach – The proposed Ohio law included safe harbor provisions and limited enforcement to the Attorney General, which may be more favorable to businesses than laws in states with private rights of action
- Revenue threshold uniqueness – The proposed $25 million Ohio revenue threshold is somewhat unusual compared to other state laws that typically use nationwide revenue figures[5]
Action Steps for Residents
- Monitor legislative progress – While House Bill 345 died in the previous General Assembly, you can monitor potential reintroduction of privacy legislation and contact your representatives to express support or concerns
- Review existing protections – Understand your rights under federal laws like HIPAA, FERPA, and the Fair Credit Reporting Act, which provide limited data protections in specific contexts
- Practice data hygiene – Read privacy policies, use privacy settings on social media and devices, and be selective about sharing personal information with businesses
- File consumer complaints – Report deceptive business practices related to data handling to the Ohio Attorney General’s Consumer Protection Section, even though comprehensive privacy rights don’t yet exist
- Stay informed about student data – If you have children in Ohio schools, understand that Senate Bill 29 provides some protections for student data privacy as of October 2024[12]
Official Resources and Contact Information
Ohio Legislature
To find your specific state representatives and contact them about privacy legislation:
Ohio House of Representatives: Visit the official website at https://www.ohiohouse.gov and use their “Who Represents Me?” tool to find your representative by entering your address.
District Maps and Contact Information: Go to https://www.legislature.ohio.gov/legislators/district-maps to find both your Ohio House representative and State Senator contact information.
Track House Bill 345
View the historical status of the failed HB 345 (it is not currently active legislation) at https://www.legislature.ohio.gov/legislation/135/hb345.
Ohio Attorney General – Consumer Protection
Consumer Help Center: 1-800-282-0515 (Monday-Friday, 8:00 a.m. to 7:00 p.m.)
Online complaint filing: Visit https://www.ohioattorneygeneral.gov to file consumer complaints online.
Mailing address: Consumer Protection Section, 30 E. Broad Street, 14th Floor, Columbus, OH 43215
Consumer complaint search: Search existing consumer complaints at https://complaintsummary.ohioattorneygeneral.gov.
Ohio Governor
Contact Governor Mike DeWine’s office regarding privacy legislation at https://governor.ohio.gov/contact/contact-us.
Additional Resources
Ohio Legal Help: For general consumer protection information, visit https://www.ohiolegalhelp.org/resource/ohio-attorney-generals-office.
Legislative Process Information: Learn about how bills become laws in Ohio at the official legislature website’s glossary and process sections.
Sources and Citations
Last Updated August 2025. Written with contributions from both human authors and Perplexity AI. If you find incorrect or outdated information let us know at support@optery.com.