August 17, 2018

Compliance With Established Cybersecurity Standards Provides Protection From Liability in Ohio

On August 3, 2018, the Governor of Ohio signed into law the Data Protection Act, which provides businesses with an affirmative defense to data breach claims if the business was in compliance with reasonable security measures at the time of the breach. Specifically, a business would have to show that it creates, maintains and complies with “a written cybersecurity program . . . that reasonably conforms to an industry recognized cybersecurity framework.” Acceptable standards include the NIST framework and compliance with PCI requirements. For businesses subject to regulatory standards, evidence of compliance with those regulatory standards, such as the Health Insurance Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act (GLBA), will also provide protection. Many believe that this legislation will encourage businesses in Ohio to allocate more resources for cybersecurity and data protection programs.

© Copyright 2018 Murtha Cullina


About this Author

Dena Castricone, Murtha Cullina Law Firm, Privacy and Cybersecurity Attorney
Partner

Dena M. Castricone is a member of the Long Term Care and Health Care practice groups.  She is the Chair of the Privacy and Cybersecurity practice group and the Chair of the firm’s Pro Bono Committee.  Prior to joining Murtha Cullina, Dena served as a law clerk to the Chief Justice of the Rhode Island Supreme Court, Frank J. Williams.

Dena’s long term care and health care clients compete in a constantly evolving industry, facing both rising administrative and regulatory burdens and shrinking reimbursement rates. She helps skilled nursing centers, physician groups, home health and...

203-772-7767