As we all read in the news, data breaches seem to occur every day. Ohio has become the first state in the Union to create a “Safe Harbor” for businesses against tort claims if a data breach does occur.
The Data Protection Act changes Ohio law so that businesses that take reasonable precautions and meet industry-recommended standards would be afforded a “safe harbor” against legal claims should a data breach occur. To trigger the “safe harbor” provision, businesses must create their own cybersecurity programs that meet certain standards. The legislation identifies eight different industry-recognized cybersecurity frameworks on which businesses can base their programs.
As a data breach not only damages a business brand but costs the offenders no less than $100,000 and up to millions of dollars, businesses in Ohio should take the necessary steps to ensure their cybersecurity program meets the requirements of the Safe Harbor. While this will cost your business time and money, creating the Safe Harbor is well worth the time and expense to put the program in place.
You will want to discuss your situation with a lawyer in more detail. The Ohio Data Protection Act goes into effect on November 2, 2018.