Terms Used In Ohio Code > Chapter 3965 - Cybersecurity Requirements for Insurance Companies

• Another: when used to designate the owner of property which is the subject of an offense, includes not only natural persons but also every other owner of property. See Ohio Code 1.02
• Assets: (1) The property comprising the estate of a deceased person, or (2) the property in a trust account.
• Beneficiary: A person who is entitled to receive the benefits or proceeds of a will, trust, insurance policy, retirement plan, annuity, or other contract. ^{Source: OCC}
• Child: includes child by adoption. See Ohio Code 1.59
• Consumer: includes an applicant, policyholder, insured, beneficiary, claimant, and certificate holder. See Ohio Code 3965.01
• Contract: A legal written agreement that becomes binding when signed.
• Cybersecurity event: means an event resulting in unauthorized access to, disruption of, or misuse of an information system or nonpublic information stored on an information system that has a reasonable likelihood of materially harming any consumer residing in this state or any material part of the normal operations of the licensee. See Ohio Code 3965.01
• Discovery: Lawyers' examination, before trial, of facts and documents in possession of the opponents to help the lawyers prepare for trial.
• Encrypted: means the transformation of data into a form that results in a low probability of assigning meaning without the use of a protective process or key. See Ohio Code 3965.01
• Evidence: Information presented in testimony or in documents that is used to persuade the fact finder (judge or jury) to decide the case for one side or the other.
• Family: means an individual's spouse, child, stepchild, foster child, parent, stepparent, foster parent, grandparent, grandchild, sibling, half sibling, stepsibling, parent-in-law, brother-in-law, or sister-in-law. See Ohio Code 3965.01
• Fiscal year: The fiscal year is the accounting period for the government. For the federal government, this begins on October 1 and ends on September 30. The fiscal year is designated by the calendar year in which it ends; for example, fiscal year 2006 begins on October 1, 2005 and ends on September 30, 2006.
• HIPAA: means the "Health Insurance Portability and Accountability Act of 1996" Pub. See Ohio Code 3965.01
• in writing: includes any representation of words, letters, symbols, or figures; this provision does not affect any law relating to signatures. See Ohio Code 1.59
• Information security program: means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information. See Ohio Code 3965.01
• Information system: means a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of electronic nonpublic information, as well as any specialized system such as industrial and process controls systems, telephone switching and private branch exchange systems, and environmental control systems. See Ohio Code 3965.01
• Jurisdiction: (1) The legal authority of a court to hear and decide a case. Concurrent jurisdiction exists when two courts have simultaneous responsibility for the same case. (2) The geographic area over which the court has authority to decide cases.
• Licensee: includes an insurer. See Ohio Code 3965.01
• Multifactor authentication: means authentication through verification of at least two of the following types of authentication factors:

  (1) Knowledge factors, such as a password;

  (2) Possession factors, such as a token or text message on a mobile phone;

  (3) Inherence factors, such as a biometric characteristic. See Ohio Code 3965.01

• Nonpublic information: means information that is not publicly available information and is one of the following:

  (1) Business-related information of a licensee the tampering with, unauthorized disclosure of, access to, or use of which, would cause a material adverse impact to the business, operation, or security of the licensee;

  (2) Information concerning a consumer that because of the name, number, personal mark, or other identifier contained in the information can be used to identify that consumer in combination with any one or more of the following data elements:

  (a) Social security number;

  (b) Driver's license, commercial driver's license, or state identification card number;

  (c) Account, credit card, or debit card number;

  (d) Any security code, access code, or password that would permit access to the consumer's financial account;

  (e) Biometric records. See Ohio Code 3965.01

• Obligation: An order placed, contract awarded, service received, or similar transaction during a given period that will require payments during the same or a future period.
• Person: includes an individual, corporation, business trust, estate, trust, partnership, and association. See Ohio Code 1.59
• Publicly available information: means any information that a licensee has a reasonable basis to believe is lawfully made available to the general public from federal, state, or local government records; widely distributed media; or disclosures to the general public that are required to be made by federal, state, or local law. See Ohio Code 3965.01
• Risk assessment: means the risk assessment that each licensee is required to conduct under division (C) of section 3965. See Ohio Code 3965.01
• state: means the state of Ohio. See Ohio Code 1.59
• Subpoena: A command to a witness to appear and give testimony.
• Testify: Answer questions in court.
• Third-party service provider: means a person other than a licensee that:

  (1) Contracts with a licensee to maintain, process, or store nonpublic information through its provision of services to the licensee;

  (2) Otherwise is permitted access to nonpublic information through its provision of services to the licensee. See Ohio Code 3965.01

• Tort: A civil wrong or breach of a duty to another person, as outlined by law. A very common tort is negligent operation of a motor vehicle that results in property damage and personal injury in an automobile accident.