• |

Sep. 19, 2018

Ohio Adopts Pioneering Cybersecurity Safe Harbor for Companies

  • Vincent Pitaro
    Cybersecurity Law Report
Organizations struggle to understand how the government will view their security programs, and what liability they will have after a data security incident. In the absence of U.S. federal regulation, more states are taking legislative action to provide some clarity. The recently signed Ohio Data Protection Act, which comes into effect on November 2, 2018, will create a safe harbor for covered entities that implement a cybersecurity program in accordance with the act’s requirements. Organizations will be able to use the safe harbor as an affirmative defense in post-breach litigation. The Act is likely to benefit businesses that qualify for the safe harbor, but its greatest significance, said Jason Wool, a counsel at ZwillGen, is that it may be “indicative of a future trend in which states – and maybe even the federal government – will provide meaningful incentives to companies for the implementation of cybersecurity frameworks and standards on a voluntary basis.” See also “Colorado’s Revised Cybersecurity Law Clarifies and Strengthens Existing Requirements,” (Sep. 12, 2018); and “Analyzing New and Amended State Breach Notification Laws” (Jun. 6, 2018).

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.

We Celebrate Data Privacy Day 2024

Read the full brief here.