OHIO HOUSE BILL 96  •  ORC § 9.64

The Cybersecurity Law Every Ohio Agency Must Now Meet

A free 90-minute briefing from Pelican3 Consulting on what ORC § 9.64 requires, where your agency stands, and how to build a compliant program. Lunch follows the event.

Tuesday, August 4, 202610:00 to 11:30 AM1343 Belmont Ave., YoungstownLunch providedFree to attend

ORC § 9.64 AT A GLANCEALL DEADLINES PASSED

WHAT THE LAW REQUIRES

1Written cybersecurity programAdopted by your legislative authority and tailored to your entity, its systems, data, and vendors.
2Incident reportingOCIC within 7 days of discovery, Auditor of State within 30, with a designated contact. Active now.
3Ransomware payment restrictionsNo ransom can be paid without a formal public vote. No exceptions.

COMPLIANCE TIMELINE

June 30, 2025Signed into lawDONE
Sept 30, 2025Incident reporting in effectACTIVE
Jan 1, 2026County & city deadlinePASSED
July 1, 2026All other entitiesPASSED

⚠  The Auditor of State specifically tests whether your program is tailored to your entity. A downloaded template is not sufficient.

This event has passed!

Seats are limited. The briefing begins in...

00

days

00

hours

00

minutes

00

seconds

$2.83M

The Average Cost of a Breach

What a single cyber incident costs a government entity on average, or roughly $943 per resident when systems, records, and recovery are counted.

100%

Every Agency Is In Scope

ORC § 9.64 covers all Ohio political subdivisions: law enforcement, fire, EMS, PSAPs, administrators, councils, and commissions. No exemptions.

$91.75M

Federal Funding Available

Grant dollars are on the table to help Ohio agencies build compliant programs. We will cover how to position your agency to pursue them.

YOUR PRESENTERS

Meet the Team Behind the Briefing

Paul Hugenberg and Dom Rozzo of Pelican3 Consulting LLC walk you through the law, the threat landscape, and a practical path to a compliant program. Open Q&A follows, with no obligation and no invoice.

PBHPic
Paul Hugenberg
Pelican3 Consulting LLC

Paul opens the briefing with the law and the threat: what ORC § 9.64 requires, the deadlines that have already passed, what the auditor will look for, and where your agency stands right now.

ProProfile
Dom Rozzo
Pelican3 Consulting LLC

Dom covers your risk exposure and the IT partnership gap: what most IT agreements are missing under HB96, the real cost of non-inclusive contracts, and how to frame the investment for your board.

THE AGENDA

What We’ll Cover in 90 Minutes

Four fast-moving segments that take you from what the law says to a practical plan for your agency. Lunch is served after the briefing.

PART 01

The Law & the Threat

  • What ORC § 9.64 requires and the deadlines that have already passed
  • Real Ohio incidents: Columbus, Licking County, and Columbiana County
  • Breach costs, who is in scope, and $91.75M in federal grant funding

PART 03

The IT & Partnership Gap

  • IT as operational infrastructure: the same budget conversation as fleet and dispatch
  • What your IT agreement is missing vs. what HB96 actually requires
  • The real cost of non-inclusive contracts
  • Framing the investment for your board: $1 to $3 per resident vs. $943 if breached

PART 02

Your Risk Exposure

  • Your attack surface: financial systems, email, patrol & CAD, remote access, records
  • The six specific checkpoints the auditor will look for
  • Risk assessments and what your cyber insurer requires before they pay a claim

PART 04

Building a Compliant Program

  • Every agency type covered, no exemptions
  • CJIS, HIPAA & HB96 as one unified program, not three projects
  • Gap assessment findings and law enforcement-led incident response
  • How Pelican3 partners with you, then open Q&A and next steps

FREE EVENT • SEATS ARE LIMITED

Reserve Your Seat

Tuesday, August 4, 2026 • 10:00 to 11:30 AM • Lunch provided after the briefing. Registration is free.

1343 Belmont Avenue, Youngstown, OH 44505