Improved Sensitive Data Protection Is Goal of Multi-Agency Working Group 

Issue Date: January 2007

Source: IGD, Statewide IT Policy

Ohio’s citizens and businesses expect that their state government will diligently protect sensitive data. To that end, the Ohio Office of Information Technology, through the Statewide IT Policy program area, has formed the Sensitive Data Protection Working Group to recommend an Ohio administrative rule that would set standards for the protection of sensitive data that state agencies hold.

In 2006, a number of security breaches were reported in both the public and private sectors across the nation. The working group was formed in response to recent security breaches and based on the responsibility of state government to protect sensitive data. To address the issue, the working group intends to recommend a rule, consistent with Ohio Revised Code Chapters 1306 and 1347, that is effective in terms of security, workable, and not so onerous that it becomes counter-productive.

The rule is to be crafted weighing appropriate standards of protection and the implementation effort envisioned for state agencies. Doing so will help assure that across state government, agencies can continue to fulfill their missions, while at the same time, take reasonable precautions to protect whatever sensitive data they hold.

The working group comprises program, legal, and information technology professionals from twenty state agencies and two state universities. The working group is scheduled to complete its recommendations for a sensitive data protection rule in the first quarter of 2007.

Inquiries may be directed to:

Statewide IT Policy

Ohio Office of Information Technology

Investment and Governance Division  

30 E. Broad Street, 39th Floor

Columbus, Ohio 43215-3414

Telephone:  (614) 752-7204

Facsimile:  (614) 644-9152

E-mail:  OITLawAndPolicyAdvisor@oit.ohio.gov