Senate Passes Bill Aimed at Incentivizing Increased Cybersecurity for Businesses
May 18, 2018
Bob D. Hackett News
COLUMBUS—On Wednesday the Senate passed legislation, sponsored by State Senator Bob Hackett (R-London), to create an incentive for businesses to attain a higher level of cybersecurity through voluntary action, creating better protection for their customer information
“Senate Bill 220 will improve Ohio’s business climate while better protecting all Ohioans,” said Senator Hackett. “Passage of this legislation will lead Ohio businesses to focus on cyber protections and to invest more resources the right way – following comprehensive best practices and industry-specific frameworks.”
To provide guidance to businesses, Senate Bill 220 provides different industry-recognized cybersecurity frameworks which a business can follow when creating its own cybersecurity program. In order to receive the benefit of the safe harbor, a business must create its own cybersecurity program.
The legislation would also provide an affirmative defense to a lawsuit which alleges a data breach that was caused by a business' failure to implement reasonable information security controls.
Businesses are only required to incorporate one of the frameworks into the business’ cybersecurity program. Further, businesses are free to choose whichever framework best fits their information security controls.
Senate Bill 220 will now go to the Ohio House for further consideration.
“Senate Bill 220 will improve Ohio’s business climate while better protecting all Ohioans,” said Senator Hackett. “Passage of this legislation will lead Ohio businesses to focus on cyber protections and to invest more resources the right way – following comprehensive best practices and industry-specific frameworks.”
To provide guidance to businesses, Senate Bill 220 provides different industry-recognized cybersecurity frameworks which a business can follow when creating its own cybersecurity program. In order to receive the benefit of the safe harbor, a business must create its own cybersecurity program.
The legislation would also provide an affirmative defense to a lawsuit which alleges a data breach that was caused by a business' failure to implement reasonable information security controls.
Businesses are only required to incorporate one of the frameworks into the business’ cybersecurity program. Further, businesses are free to choose whichever framework best fits their information security controls.
Senate Bill 220 will now go to the Ohio House for further consideration.