Data Protection Act may protect more consumers and businesses

The Data Protection Act (DPA) is trying to encourage more Ohio businesses to install industry-recognized cybersecurity programs to protect consumer’s confidential information. Under the new law, companies that implement these security frameworks receive some protection against data breach lawsuits.

DPA allows businesses some protections

If a data breach occurs, a compliant business can use an affirmative defense in a data breach suit. An affirmative defense allows someone who committed an act the possibility of not being held liable for that act. Under the DPA, if a business introduces evidence that it protected against data breaches, it may negate the company’s liability. That is, assuming the court finds the evidence presented credible.

The law also seeks to protect consumers’ information

But more than protecting businesses from liability lawsuits, the DPA is pushing more businesses to adopt stauncher cybersecurity programs. The tougher security is meant to protect Ohio residents’ personal information from theft. To meet the DPA’s requirements, a business must draft a written cybersecurity program. This program must include:

  • Protections that keep personal information confidential and secure
  • Protections against anticipated risks and threats
  • Protections against unauthorized access to and the acquisition of personal information

The new law also asks companies use security frameworks that conform to certain industry standards like CIS Critical Security Controls, ISO, NIST, IEC and a few others.

For smaller businesses, the law only expects reasonable compliance. That means the size of your business, the cost of cybersecurity tools and your company’s resources are considered when evaluating your company’s compliance.

Businesses are not required to comply

Ohio businesses do not have to implement the DPA. However, those that do, demonstrate to consumers that their privacy is taken seriously. The additional security should help protect against data breaches and may provide legal protection, if a data breach eventually occurs.

No Comments

Leave a comment
Comment Information

3681 South Green Road, Suite 411
Cleveland, OH 44122

Phone: 216-360-8500
Fax: 216-360-8501
Map & Directions