BY SVIATLANA LIASHCHYNA
as seen in Issue-34 of a360inc's Compliance Newsletter
Up until recently, the default legal services industry was used to seeing information security laws and regulations that provided for specific actions that needed to be taken or for penalties for non-compliance with the specific requirements. This month, Ohio passed a state law (Bill SB 220) that took a different approach and encourages businesses to establish stronger information security controls through providing a safe harbor protection to tort actions alleging that failure to implement security controls resulted in a data breach. The new law does not create minimum cybersecurity standards that must be achieved, nor does it imposes any liability on businesses that fail to meet any legal requirements. Instead, the Act enables businesses to use implemented internal cybersecurity programs as an affirmative defense in tort actions raised out of data breaches.
Sharing trends and best practices to help you improve your processes and maximize your profitability.