WHAT YOU NEED TO KNOW:
Ohio is taking a unique technique for address records breaches through offering groups assembly certain necessities with a secure harbor towards complaints following a facts breach.
Specifically, the act affords affirmative protection in opposition to tort moves brought below Ohio regulation or in Ohio courts alleging failure to implement affordable records security controls resulting in a statistics breach to the one’s entities that adopt certain cybersecurity frameworks.
The new Ohio Data Protection Act became powerful in past due 2018. The Act provides the safe harbor to businesses that create, hold, and observe written cybersecurity packages along with administrative, technical, and bodily safeguards for protective non-public information and moderately comply with an enterprise-diagnosed cybersecurity framework which includes:
The National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity;
NIST Special Publication 800-171;
NIST Special Publications 800-fifty three and 800-53a;
The Federal Risk and Authorization Management Program (FedRAMP) Security Assessment Framework; or
The Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense.
In addition, an entity’s cybersecurity application can also be observed to comply to an industry-diagnosed cybersecurity framework if the entity is challenge to and conforms to the safety necessities of the Health Insurance Portability and Accountability Act (HIPAA), Title V of the Gramm-Leach-Bliley Act, the Federal Information Security Modernization Act, or the Health Information Technology for Economic and Clinical Health Act. Covered entities concern to the charge card industry records security trendy may also be eligible for safe harbor popularity.
WHAT SHOULD YOU DO?
Make positive your cybersecurity program is compliant.