The Ohio Data Protection Act, Sec. 1354.01-1354.05 Ohio Revised Code, became effective November 2, 2018. It institutes a safe harbor for a business that is proactive in establishing a written cybersecurity program that conforms to the NIST Cybersecurity Framework.
The Act provides an affirmative defense to a tort action brought under state law or in state courts for data breach of personal information. Compliance with HIPAA, FISMA and several other federal regulations will also comply. The Ohio Data Protection Act is the first legislation from the CyberOhio Initiative to help businesses thwart cyber attacks.