Andrew M. Jaffe, Attorney at Law Blog

COVID-19 Consumer Protection Act of the 2021 Consolidated Appropriations Act

LINK:

https://www.congress.gov/116/bills/hr133/BILLS-116hr133enr.pdf

For the duration of the COVID-19 public health emergency declared pursuant to section 319 of the Public Health Service Act (42 U.S.C. 247d), this Act makes it unlawful under Section 5 of the Federal Trade Commission Act for any person, partnership, or corporation to engage in a deceptive act or practice in or affecting commerce associated with the treatment, cure, prevention, mitigation, or diagnosis of COVID–19 or a government benefit related to COVID–19. The Act provides that such a violation shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under Sec. 18(a)(1)(B) of the FTC Act.

As we all read in the news, data breaches seem to occur every day. Ohio has become the first state in the Union to create a “Safe Harbor” for businesses against tort claims if a data breach does occur.

The Data Protection Act changes Ohio law so that businesses that take reasonable precautions and meet industry-recommended standards would be afforded a “safe harbor” against legal claims should a data breach occur. To trigger the “safe harbor” provision, businesses must create their own cybersecurity programs that meet certain standards. The legislation identifies eight different industry-recognized cybersecurity frameworks on which businesses can base their programs.

As a data breach not only damages a business brand but costs the offenders no less than $100,000 and up to millions of dollars, businesses in Ohio should take the necessary steps to ensure their cybersecurity program meets the requirements of the Safe Harbor. While this will cost your business time and money, creating the Safe Harbor is well worth the time and expense to put the program in place.

You will want to discuss your situation with a lawyer in more detail. The Ohio Data Protection Act goes into effect on November 2, 2018.