Privacy & Security - Government

Ohio Information Technology Policies

ORC 1347.15 Guidance

Privacy Impact Assessments

Ohio Privacy Impact Statements and Assessment 2013 (.pdf)
Replaces Privacy Impact Assessment for Existing Systems and ITB 2008.02 "Privacy Impact Assessments"

    Privacy Threshold Assessment Template (.doc)
    Privacy Impact Assessment Template (.doc)

Templates for ORC 1347.15 Policies and Procedures 

Ohio Privacy Policies Framework (.pdf)
Includes Complete Instructions and ORC 1347.15 policy and procedure templates

    Template Policy on Protecting Privacy (.doc)
    Procedure Template - Accessing and Logging CPI (Computer) (.doc) 
    Procedure Template - Incident Response for Invalid Access of Confidential or Sensitive PII (.doc) 
    Procedure Template - Accessing CPI (Paper) (.doc)   
    Procedure Template - Requests for PI (.doc)
    Procedure Template - Accessing Sensitive Data (.doc)

Model Rules Template

ORC 1347.15(B) Model Rules Template (ver. 1.01 - minor update; .doc)


Ohio Revised Code Section 1347.15
Ohio Revised Code Chapter 1347: Personal Information Systems

Guide to Implementing Section 1347.15 of the Ohio Revised Code (.pdf)

Role of the Data Privacy Point of Contact (.pdf)

Interim Policy on Logging Access to Confidential Personal Information (.pdf) State of Ohio

Sample Template 1 - Sample Template 2

Access Policies Resource Kit (.pdf) (State of Ohio)
Role and Identity Management Resource Kit (.pdf) (State of Ohio)
Ohio Revised Code Chapter 1347: Personal Information Systems
Preliminary Checklist for Applying "Confidential Personal Information" to Priority Systems(.pdf)

Data Classification Resource Kit (State of Ohio)

State Agency Guidance on HIPAA and Health Information Privacy

Guide to HIPAA Privacy Rule (.pdf) (State of Ohio)

Business Associate Agreement Template

HIPAA Business Associate Agreement Template (.doc) (State of Ohio)

Incident Response Tools

Form for Breach Checklist (.doc) (State of Ohio)

Notification Diagrams (.pdf) (State of Ohio)

Risk of Harm Assessment (.doc) (State of Ohio)

Other Ohio Resources

General Privacy and Security Resources

Statewide IT Security Policies and Guidance (State of Ohio) 
Data Encryption and Securing Sensitive Data Bulletin (.pdf) (State of Ohio )
Data Encryption and Cryptography Standard (.pdf) (State of Ohio)

Policy Resources

Data Classification Guidance (Educause)

Data Protection Technical Guidance: Determining what is personal data (ICO - UK)

E-Government Act of 2002 including Title III - The Federal Information Security Management (FISMA) Act - The purpose of this Act is to enhance the management and promotion of electronic government services and processes. Title III of this act is the Federal Information Security Management Act of 2002. The E-Government Act permanently supersedes the Homeland Security Act in those instances where both Acts prescribe different amendments to the same provisions of the United States Code.

Office of Management and Budget Guidance on FISMA - The subject of this memorandum is Reporting Instructions for the Federal Information Security Management Act and Updated Guidance on Quarterly IT Security Reporting. (.pdf)
Homeland Security Presidential Directive/HSPD-7 - This directive establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks.
National Strategy to Secure Cyberspace - This document outlines an initial framework for both organizing and prioritizing efforts to protect against disruptions to our critical information systems and reduce vulnerabilities to cyber threats. The Department of Homeland Security's National Cyber Security Division (NCSD) has been charged with coordinating the implementation of the strategy. (.pdf)

Privacy Impact Assessment Handbook (Information Commission Office - UK)

State and Local Government Privacy and Security Laws and Guides