Effective November 2, 2018, a new Ohio breach law will provide covered entities a legal safe harbor in certain data breach-related claims brought in an Ohio court or under Ohio law if, at the time of the breach, the entity maintains and complies with a cybersecurity program that (1) contains administrative, technical, and physical safeguards for the protection of personal information, and (2) reasonably conforms to one of the “industry-recognized” cybersecurity frameworks enumerated in the law.
Continue Reading

On August 3, 2018, Ohio Ohio Governor John Kasich signed into law Senate Bill 220, which provides covered entities with an affirmative defense to tort claims, based on Ohio law or brought in an Ohio court, that alleges or relates to the failure to implement reasonable information security controls which resulted in a data breach.
Continue Reading