Companies Could Sidestep Data Breach Claims Under Ohio Law

Oct. 31, 2018, 2:28 PM

Ohio companies can evade claims in data breach lawsuits if they show they had a recognized cybersecurity program in place before the breach occurred, under a new state law.

The law, which takes effect Nov. 2, provides liability protection to businesses that maintain and comply with one of several cybersecurity programs, such as one offered by the National Institute of Standards and Technology. It’s the first law of its kind in the U.S.

Bill Berglund, Cleveland-based counsel with Tucker Ellis LLP, told Bloomberg Law that the law is unique because it provides “a ‘carrot’ rather than ‘stick’ approach to Ohio ...

To read the full article log in. To learn more about a subscription click here.