Legal mumbo-jumbo

One often overlooked aspect of programming is the evil legal side.  Case in point: you are keeping user records of some kind.  Now, I'm not talking about SSNs, health records (HIPAA) or bank info.  No, I'm speaking of retaining a user's home phone, address, first name, last name, etc.  At what point does this fall into the legal consideration category?  The answer is "check your local codes".  Yea, it sucks, but there's hope.

Within 5 minutes I was able to find the state of Ohio's code regarding (legalese warning!) "Private disclosure of security breach of computerized personal information data", which is a fancy way of saying "if someone steals enough stuff to be able to steal someone's ID or other non-public records".  The Federal govt has a law (or laws) for it, but local laws usually reach further and are clearer (as clear as a law can be) as to the actions necessary for this (typically notification and credit monitoring).  In this case, here's what the Ohio law says "private" information would be, in Article 1349.19 section 7 chapter B items 1-4 (I don't make this stuff up):

(b) “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records or any of the following media that are widely distributed:

(i) Any news, editorial, or advertising statement published in any bona fide newspaper, journal, or magazine, or broadcast over radio or television;

(ii) Any gathering or furnishing of information or news by any bona fide reporter, correspondent, or news bureau to news media described in division (A)(7)(b)(i) of this section;

(iii) Any publication designed for and distributed to members of any bona fide association or charitable or fraternal nonprofit corporation;

(iv) Any type of media similar in nature to any item, entity, or activity identified in division (A)(7)(b)(i), (ii), or (iii) of this section.

If you can't get it through normal means (public records, mass media or publication), it's considered private information.  That still leaves room for "what is public", but it's something to consider.