By Drew M Smith
As fears abound about cyber security and trying to protect data, states have been passing legislation to combat hackers. Ohio recently passed a law in November over this exact problem.
The “Safe Harbor” Law is designed to cover entities that are breached. SB 220, the law associated with this provision, states that “Beginning November 2, 2018, businesses will have the ability to invoke a cyber security safe harbor provision pursuant to Ohio law (SB 220) to obtain tort-related liability protection if they suffer a data breach. Businesses can undertake simple measures to efficiently and effectively avail themselves of Ohio’s cyber security safe harbor.” Under Ohio guidance, they must conform to guidelines that they recognize as industry standards, such as The Federal Risk and Authorization Management Program Security Assessment Framework.
This means protection against liability if the company can prove they have adequately protected their data and implemented the correct security procedures. It however does not protect against the cyber risk. It only provides protection if they can prove that they could not have prevented the cyber breach through normal means and all of their cyber security was up to date. As a result, they can still feel serious litigation from their customers if they can’t protect their data.