From: Lexology
Jared M. Bruce and Jennifer Orr Mitchell | Dinsmore & Shohl LLP
On August 3, 2018, Ohio Governor John Kasich signed the Ohio Data Protection Act, which will provide a legal safe harbor against data breach claims to businesses that implement specified cybersecurity controls. Ohio Senate Bill No. 220 (S.B. 220), also known as the Ohio Data Protection Act (the Act) goes into effect on November 2, 2018. The Act is intended to provide incentives for businesses to invest in a robust cybersecurity framework. The Act will be codified at O.R.C. §§ 1354.01-1354.05. Ohio is the first state in the country to implement a law that provides a data breach safe harbor for businesses.
The Act provides companies with an affirmative defense from tort claims arising out of a data breach concerning personal information if a written cybersecurity program is in place that “reasonably conforms to an industry recognized cybersecurity framework.”[1] The Act recognizes the following as industry recognized cybersecurity frameworks[2]:
Leave a Reply