The Ohio Data Protection Act, Sec. 1354.01-1354.05 Ohio Revised Code, became effective November 2, 2018.  It institutes a safe harbor for a business that is proactive in establishing a written cybersecurity program that conforms to the  NIST Cybersecurity Framework.

The Act provides an affirmative defense to a tort action brought under state law or in state courts for data breach of personal information.  Compliance with HIPAA, FISMA and several other federal regulations will also comply.  The Ohio Data Protection Act is the first legislation from the CyberOhio Initiative to help businesses thwart cyber attacks.

OBLIC’s CyberToolbox offers resources to help you in this process.  If you are not registered for OBLIC’s Loss Prevention portal, click here to register and gain access.