Ohio Law Incentivizes Businesses for Implementing Cybersecurity Programs

Ohio Law Incentivizes Businesses for Implementing Cybersecurity Programs

Ohio organizations that reasonably conform to established cybersecurity programs may be incentivized.

  • By Sydny Shepard
  • Sep 21, 2018

Ohio Gov. John Kasich has signed Senate Bill 220, also known as the Ohio Data Protection Act, making it the first law in the national which incentivizes businesses to implement certain cybersecurity controls by providing them with an affirmative defense.

Under the Act, eligible organizations may rely on their conformance to certain cybersecurity frameworks as an affirmative defense against tort claims in data breach litigation, according to Columbus Business First. The act is intended to provide organizations with a legal incentive to implement written cybersecurity programs.

In order to qualify, Ohio organizations much implement a written cybersecurity program designed to protect the security and confidentiality of personal information, protect against anticipated threats or hazards to the security and integrity of personal information and protect against unauthorized access to and acquisition of personal information that is likely to result in a material risk of identity theft or fraud.

Additionally, the organization must "reasonably conform" to one of the following cybersecurity frameworks:

  • National Institute of Standards and Technology's (NIST) Cybersecurity Framework
  • NIST special publication 800-171, or 800-53 and 800-53a
  • Federal Risk and Authorization Management Program's Security Assessment Framework
  • Center for Internet Security's Critical Security Controls for Effective Cyber Defense
  • International Organization for Standardization (ISO)/International Electrotechnical Commission’s (IEC) 27000 Family – Information Security Management Systems Standards.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Organizations Struggle with Outdated Security Approaches, While Online Threats Increase

    Cloudflare Inc, recently published its State of Application Security 2024 Report. Findings from this year's report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams. Read Now

  • Milestone Announces Merger With Arcules

    Global video technology company Milestone Systems is pleased to announce that effective July 1, 2024, it will merge with the cloud-based video surveillance solutions provider, Arcules. Read Now

  • Cloud Resources Have Become Biggest Targets for Cyberattacks According to New Research

    Thales recently announced the release of the 2024 Thales Cloud Security Study, its annual assessment on the latest cloud security threats, trends and emerging risks based on a survey of nearly 3000 IT and security professionals across 18 countries in 37 industries. As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyber-attacks, with SaaS applications (31%), Cloud Storage (30%) and Cloud Management Infrastructure (26%) cited as the leading categories of attack. As a result, protecting cloud environments has risen as the top security priority ahead of all other security disciplines. Read Now

Most   Popular

Featured Cybersecurity

Webinars

Whitepapers

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3