Hunton Andrews Kurth’s Privacy & Information Security Law Blog reports on the legal safe harbor within Ohio’s recently enacted data breach law for certain incidents. Covered entities are protected under the safe harbor if they have maintained a cybersecurity program with the proper administrative, technical and physical safeguards for personal data at the time they were hit by a breach. The program must also follow an “industry-recognized” cybersecurity framework and should be designed to protect against anticipated threats and unauthorized access. Ohio’s law, which went into effect Nov. 2, is the first in the U.S. to incentivize businesses to ensure they have policies and procedures in place to protect against breaches.
If you want to comment on this post, you need to login.