Data Protection Act Will Incentivize Cybersecurity to Protect Consumer Data

Columbus OH, November 13th, 2017: Ohio Attorney General Mike DeWine today publicly endorsed Senate Bill 220, the Data Protection Act, at a news conference with bill sponsor State Senator Bob Hackett (R-London). The legislation was introduced as part of Attorney General DeWine's CyberOhio Initiative to help Ohio businesses with cybersecurity issues.

"The Data Protection Act is an effort to encourage businesses to take the necessary steps to protect their customer data and avoid costly data breaches," said Attorney General DeWine. “As businesses beef up their cybersecurity, consumers will benefit from the additional protection as well."

"As the world is increasingly interconnected, we have a responsibility to secure cyberspace," Sen. Hackett said. "S.B. 220 will provide businesses and consumers with quality protections."

The Data Protection Act would change Ohio laws so that businesses that take reasonable precautions and meet industry-recommended standards would be afforded a "safe harbor" against legal claims should a data breach occur. To trigger the "safe harbor" provision, businesses must create their own cybersecurity programs that meet certain standards. The legislation identifies eight different industry-recognized cybersecurity frameworks on which businesses can base their programs.

Senate Bill 220 is the first piece of legislation introduced as a result of Ohio Attorney General Mike DeWine's CyberOhio Initiative. Launched in September 2016, the goal of CyberOhio is to help foster a legal, technical, and collaborative cybersecurity environment to help Ohio businesses thrive. In addition to promoting legislation, other parts of the initiative include training opportunities for businesses, development of cybersecurity workforce personnel, and expansion of the Ohio Attorney General's Identity Theft Unit.

Senate Bill 220 was introduced on October 17th and is pending committee assignment.