New Ohio Cyber Security Law to Take Effect November 2nd

Date October 30, 2018

Ohio Senate Bill 220 goes into effect on Friday, November 2, 2018.

The new law incentivizes businesses for implementing cyber security programs. Companies and corporations with a written cyber security program may assert “affirmative defense” to a tort claim related to a data breach.

To be eligible, a business must create, comply with, and periodically maintain a cyber security program that contains safeguards protecting both personal and restricted information, and which complies with at least one of the following three stipulations:

1) If a business institutes a policy that reasonably complies with at least one of the six industry-recognized cyber security frameworks.
2) If a business is regulated by the state or federal government, or both, and complies with HIPAA, GLBA, or FISMA guidelines.
3) If a business falls under PCI-DSS and reasonably complies with PCI-DSS guidelines and adopts one of the six industry-recognized frameworks.

If any one of these platforms are revised after implementation, the business in question has one year from the date of the latest revision to amend its cyber security policy in order to maintain the guidelines of that framework.

HBK can help with the creation and implementation or update of a cyber security program, as well as addressing other cyber security concerns or questions.

HBK can assist you with cyber security topics or questions. Please contact Matt Schiavone at, Bill Heaven at, or Steve Franckhauser at for assistance.

Speak to one of our professionals about your organizational needs

"*" indicates required fields needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.