New Ohio Cyber Security Law to Take Effect November 2nd


Ohio Senate Bill 220 goes into effect on Friday, November 2, 2018.

The new law incentivizes businesses for implementing cyber security programs. Companies and corporations with a written cyber security program may assert “affirmative defense” to a tort claim related to a data breach.

To be eligible, a business must create, comply with, and periodically maintain a cyber security program that contains safeguards protecting both personal and restricted information, and which complies with at least one of the following three stipulations:

1) If a business institutes a policy that reasonably complies with at least one of the six industry-recognized cyber security frameworks.
2) If a business is regulated by the state or federal government, or both, and complies with HIPAA, GLBA, or FISMA guidelines.
3) If a business falls under PCI-DSS and reasonably complies with PCI-DSS guidelines and adopts one of the six industry-recognized frameworks.

If any one of these platforms are revised after implementation, the business in question has one year from the date of the latest revision to amend its cyber security policy in order to maintain the guidelines of that framework.

HBK can help with the creation and implementation or update of a cyber security program, as well as addressing other cyber security concerns or questions.

HBK can assist you with cyber security topics or questions. Please contact Matt Schiavone at, Bill Heaven at, or Steve Franckhauser at for assistance.

About the Author(s)
Established in 1949, HBK serves clients ranging from individuals to small businesses to multi-million dollar corporations across the United States through our office locations in Ohio, Pennsylvania, Florida, and New Jersey. We specialize in a wide variety of tax, accounting, assurance, and business consulting services which can help you achieve all of your personal and business goals.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.