Ohio is taking a completely unique method of address data breaches by way of presenting groups assembly positive necessities with a safe harbor against proceedings following a records breach.
Specifically, the act provides an affirmative defense in opposition to tort movements introduced under Ohio regulation or in Ohio courts alleging failure to implement affordable statistics protection controls resulting in a statistics breach to the ones entities that adopt certain cybersecurity frameworks.
THE DETAILS:
The new Ohio Data Protection Act became effective in late 2018. The Act gives the secure harbor to corporations that create, maintain, and follow written cybersecurity programs including administrative, technical, and bodily safeguards for protecting non-public statistics and reasonably agree to an enterprise-diagnosed cybersecurity framework inclusive of:
The National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity;
NIST Special Publication 800-171;
NIST Special Publications 800-fifty three and 800-53a;
The Federal Risk and Authorization Management Program (FedRAMP) Security Assessment Framework; or
The Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense.
In addition, an entity’s cybersecurity program can also be located to comply to an industry-recognized cybersecurity framework if the entity is situation to and conforms to the safety necessities of the Health Insurance Portability and Accountability Act (HIPAA), Title V of the Gramm-Leach-Bliley Act, the Federal Information Security Modernization Act, or the Health Information Technology for Economic and Clinical Health Act. Covered entities subject to the price card industry information protection trendy can also be eligible for safe harbor popularity.