Effective November 2, 2018, a new Ohio breach law will provide covered entities a legal safe harbor in certain data breach-related claims brought in an Ohio court or under Ohio law if, at the time of the breach, the entity maintains and complies with a cybersecurity program that (1) contains administrative, technical, and physical safeguards for the protection of personal information, and (2) reasonably conforms to one of the “industry-recognized” cybersecurity frameworks enumerated in the law.
Continue Reading New Ohio Law Creates Safe Harbor for Certain Breach-Related Claims

On August 3, 2018, Ohio Ohio Governor John Kasich signed into law Senate Bill 220, which provides covered entities with an affirmative defense to tort claims, based on Ohio law or brought in an Ohio court, that alleges or relates to the failure to implement reasonable information security controls which resulted in a data breach.
Continue Reading Ohio Law Provides Safe Harbor from Tort Claims Related to Data Breaches

On November 13, 2013, two companies that provide consumer background reports to third parties, including criminal record checks, agreed to an 18.6 million dollar settlement stemming from allegations that they violated the Fair Credit Reporting Act when providing these reports to prospective employers.
Continue Reading Background Check Companies Settle FCRA Allegations

The United States Court of Appeals for the Sixth Circuit recently upheld a lower court decision that losses resulting from the theft of customers’ banking information in a retailer’s computer system were covered under a commercial crime policy’s computer fraud endorsement.
Continue Reading Sixth Circuit Finds Coverage for Losses Resulting from Retailer’s Data Breach