Ohio Senate Bill 220 Incentivizes Businesses to Maintain Higher Levels of Cybersecurity | #ESC_LLC #CyberSecurity #Government #Regulation | In the last two years alone, there has been a number of high-profile breaches that have given organizations pause, asking them to consider whether the same kind of event could happen to them. After all, a cybersecurity breach could seriously damage or even level your business if you’re not prepared and do not have the appropriate security programs in place. We’ve seen the implementation of the NYDFS Cybersecurity Regulation, and recent breaches have led to serious fines, potentially in the billions, for violating GDPR. (Please scroll down for more.)
Most recently, we saw the Ohio Senate Bill 220 (S.B. 220) signed into law and go into effect as of Nov. 2, 2018. S.B. 220, known as the Data Protection Act, serves as an incentive to businesses to ensure that they achieve and maintain a higher level of security by maintaining industry-standard cybersecurity programs.
“What was once an option is fast becoming a necessity, and ultimately–as you can see here–a legal requirement. There are some extremely unsavory individuals lurking out and about who relish on victimizing innocent businesses like yours and mine,” says John Larkin, Senior Partner with Electronic Systems Consultants LLC of Greater Ohio. “We have to be prepared for them by taking appropriate measures to protect our client data, and ESC has already taken steps to do that.”
Recent research has shown that the average cost of a data breach globally is $3.86 million – an increase of 6.4 percent from 2017. As data breaches are growing in prevalence and the cost to organizations continue to rise, S.B. 220 serves as a legal “safe harbor” for firms operating in Ohio, if they’re sued for negligently failing to implement reasonable information security controls resulting in a data breach. The organization can use its compliance with the cybersecurity control as an affirmative defense, assuming it is in compliance with one of eight industry frameworks:
To read the remainder of this article, click here.