Craig A. Newman of Patterson Belknap writes:
Starting today, Ohio businesses with written cybersecurity programs will be looking for a free pass if they are sued under state law over a data breach.
Ohio’s Data Protection Act (Senate Bill 220, Ohio Rev. Code § 1354.01, et seq.) goes into effect today, creating a safe harbor from tort liability for businesses that meet specific cybersecurity standards. The law won’t prevent litigation over a data breach, but provides an affirmative defense to companies hit with such claims if they have met the requirements of the new law. This includes adopting data security policies that conform to a number of existing industry standards including the NIST Cybersecurity Framework.
Read more on Data Security Law Blog.