Nexigen: Your Partner in Ohio Data Protection Compliance Reading time: 12 mins
If you’re collaborating with an IT service provider like Nexigen, rest assured that you don’t need to be an expert in current data protection regulations—we’ve got that covered for you. However, it’s crucial to understand the requirements of Ohio’s Safe Harbor Act to ensure that your cyber security insurance contract aligns with “reasonable” cyber security controls.
Back in 2018, the State of Ohio introduced the Ohio Data Protection Act (SB 220), also known as the Safe Harbor Act, which mandates businesses to establish and maintain “reasonable” cyber security controls. Utah and Connecticut followed suit in 2021.
The primary aim of this act is to safeguard the security and integrity of personal information against potential threats and unauthorized access, which could lead to identity theft.
Tech Beacon highlights that the law’s protections are specifically limited to certain types of tort claims. Even businesses with robust cyber security programs may remain susceptible to statutory violations such as data breach notification requirements or contract-based claims.
According to Tech Republic, the law allows businesses to choose a suitable framework based on their unique needs.
The Ohio law requires cyber security programs to be adequate considering factors like available resources, business size and complexity, nature of activities, sensitivity of information, and tools’ cost and availability to enhance security.