Privacy Impact Assessments
Ohio Privacy Impact Statements and Assessment 2013 (.pdf) Replaces Privacy Impact Assessment for Existing Systems and ITB 2008.02 "Privacy Impact Assessments" Privacy Threshold Assessment Template (.doc) Privacy Impact Assessment Template (.doc)
Templates for ORC 1347.15 Policies and Procedures
Ohio Privacy Policies Framework (.pdf) Includes Complete Instructions and ORC 1347.15 policy and procedure templates
Template Policy on Protecting Privacy (.doc) Procedure Template - Accessing and Logging CPI (Computer) (.doc) Procedure Template - Incident Response for Invalid Access of Confidential or Sensitive PII (.doc) Procedure Template - Accessing CPI (Paper) (.doc) Procedure Template - Requests for PI (.doc) Procedure Template - Accessing Sensitive Data (.doc)
Model Rules Template
ORC 1347.15(B) Model Rules Template (ver. 1.01 - minor update; .doc)
Guidance
Ohio Revised Code Section 1347.15 Ohio Revised Code Chapter 1347: Personal Information Systems
Guide to Implementing Section 1347.15 of the Ohio Revised Code (.pdf)
Role of the Data Privacy Point of Contact (.pdf)
Interim Policy on Logging Access to Confidential Personal Information (.pdf) State of Ohio
Sample Template 1 - Sample Template 2
Access Policies Resource Kit (.pdf) (State of Ohio) Role and Identity Management Resource Kit (.pdf) (State of Ohio) Ohio Revised Code Chapter 1347: Personal Information Systems Preliminary Checklist for Applying "Confidential Personal Information" to Priority Systems(.pdf) Data Classification Resource Kit (State of Ohio)
Guide to HIPAA Privacy Rule (.pdf) (State of Ohio)
Business Associate Agreement Template
HIPAA Business Associate Agreement Template (.doc) (State of Ohio)
Incident Response Tools
Form for Breach Checklist (.doc) (State of Ohio)
Notification Diagrams (.pdf) (State of Ohio)
Risk of Harm Assessment (.doc) (State of Ohio)
General Privacy and Security Resources
Statewide IT Security Policies and Guidance (State of Ohio) Data Encryption and Securing Sensitive Data Bulletin (.pdf) (State of Ohio ) Data Encryption and Cryptography Standard (.pdf) (State of Ohio)
Compendium of Federal Privacy Laws (Center for Democracy and Technology)
Communications Privacy National Do-Not-Call Registry Telephone Consumer Protection Act of 1991 The Electronic Communications Privacy Act (1986) Children's Privacy Children's Online Privacy Protection Act of 1998 (COPPA) Financial Privacy
Fair Credit Reporting Act (1970) Gramm-Leach-Bliley Act (1999) Right to Financial Privacy Act (1978) Health Privacy Education Privacy FERPA Family Education Rights and Privacy Act (1974) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Health Privacy Project Government Privacy Census Confidentiality Statute of 1954 Computer Security Act of 1987 E-government Act of 2002 Freedom of Information Act (1966) Privacy Act of 1974 Other Federal Privacy Laws Administrative Procedure Act Cable Communications Policy Act of 1984 Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 Driver's Privacy Protection Act of 1994 Employee Polygraph Protection Act of 1988 Privacy Protection Act of 1980 Video Privacy Protection Act of 1988
Department of Homeland Security PIA Basics of the Privacy Impact Assessment (ppt) - (Dept. of the Interior) Privacy Impact Assessment Handbook (Information Commission Office - UK) Privacy Impact Assessment Template (Word) - (Dept. of the Interior) Federal E-Government Act of 2002 (Office of Management and Budget) Census Bureau PIA Security Exchange Commissions PIA & template documents Veteran's Association PIA Handbook
Data Breach Notification Laws DHS Privacy Incident Handling Guidance Office of Management and Budget Recommendations for Identity Theft Related Data Breach Notification (.pdf)
Data Classification Guidance (Educause) Data Protection Technical Guidance: Determining what is personal data (ICO - UK) E-Government Act of 2002 including Title III - The Federal Information Security Management (FISMA) Act - The purpose of this Act is to enhance the management and promotion of electronic government services and processes. Title III of this act is the Federal Information Security Management Act of 2002. The E-Government Act permanently supersedes the Homeland Security Act in those instances where both Acts prescribe different amendments to the same provisions of the United States Code. Office of Management and Budget Guidance on FISMA - The subject of this memorandum is Reporting Instructions for the Federal Information Security Management Act and Updated Guidance on Quarterly IT Security Reporting. (.pdf) Homeland Security Presidential Directive/HSPD-7 - This directive establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks. National Strategy to Secure Cyberspace - This document outlines an initial framework for both organizing and prioritizing efforts to protect against disruptions to our critical information systems and reduce vulnerabilities to cyber threats. The Department of Homeland Security's National Cyber Security Division (NCSD) has been charged with coordinating the implementation of the strategy. (.pdf) Privacy Impact Assessment Handbook (Information Commission Office - UK)
MS-ISAC Cyber Security Guides State Laws Related to Internet Privacy
ComputerWorld Hunton & Williams IAPP Daily Dashboard
October 2011 Newsletter Dark Reading Schneier on Security ComputerWorld Security Center SecurityFocus Yahoo Security News
Multi-State Information Sharing and Analysis Center (MS-ISAC) United States Computer Emergency Readiness Team (US-CERT) National Vulnerability Database (NIST)
Ohio Privacy and Security Contact Information Office of Information Technology Contacts
Home | Business | Citizens | Education | Government | Resources Security | Privacy Notice | Search | Disclaimer | Site Index | Contacts Please Note: To view documents on this site, you must have the corresponding software installed on your Computer Last Updated: May 16, 2013