Goering Center opens voting for ‘Rising Leader’
Wed, July 10, 2019
Article has no nextliveshere tags assigned
Article has no topics tags assigned
Article has no colleges tags assigned
Description is empty
Article has no audiences tags assigned
Article has no units tags assigned
Contacts are empty
These messages will display in edit mode only.
By R. David Weber, Esq.
Recent high-profile cybersecurity breaches at some of the world’s largest companies, such as Equifax, Facebook and Marriott International, have highlighted the dangers posed by cyberbreaches to businesses and their customers. These mega-breaches have led to negative publicity, consumer backlash and class-action lawsuits totaling in the billions of dollars. The market has responded to this growing threat by spawning a cottage industry of data protection consultants and identity theft detection, protection and insurance products. Government is also racing to catch up with hackers by, until now, primarily passing laws that punish businesses for failing to adequately protect customer data. In late 2018, however, Ohio’s legislature took a different approach by passing a first-of-its-kind law that provides businesses incentives for bolstering cybersecurity.
The Ohio Data Protection Act (ODPA) became effective on Nov. 2, 2018. It provides sole proprietors, associations, for-profit business entities and non-profit business entities a safe harbor against legal claims resulting from data breaches. Compliance with the ODPA is completely voluntary. Businesses face no requirement to comply; however, those that do are rewarded with increased protection from lawsuits in the event that sensitive data is compromised.
For those businesses that choose to comply, the ODPA provides flexibility. To be protected, businesses must “create, maintain and comply with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of personal information and that reasonably conforms to” one of five industry-recognized cybersecurity frameworks:
In addition, businesses may also claim safe harbor protection if they maintain a written cybersecurity program as required by the ODPA and are regulated by and comply with certain other Ohio and/or federal privacy frameworks, including:
Finally, if a business processes payment cards, it may comply with the Payment Card Industry Data Security Standard to qualify for the safe harbor.
The major benefit to compliant businesses is a new affirmative defense to legal claims that flow from cybersecurity breaches. In the event of a data breach resulting in litigation, ODPA-compliant businesses can assert ODPA compliance as an affirmative defense to any claim resulting from such data breach, potentially saving businesses from the costs of court judgments and prolonged litigation. This allows businesses to use an established good practice — having a credible, written cybersecurity policy — as a shield against cyberbreach claims.
While legislation in other states has focused on punishing businesses that fail to protect customer data, the ODPA is the first state-level legislation that incentivizes businesses to bolster data security. Compliance is optional, however, businesses large and small would be well-served to consider its benefits. Those benefits include greater protection for sensitive customer information and, if a cyberbreach were to occur, an affirmative defense to potential legal claims.
About the Goering Center for Family & Private Business
Established in 1989, the Goering Center serves more than 400 member companies, making it North America’s largest university based educational non-profit center for family and private businesses. The Center’s mission is to nurture and educate family and private businesses to drive a vibrant economy. Affiliation with the Carl H. Lindner College of Business at the University of Cincinnati provides access to a vast resource of business programing and expertise. Goering Center members receive real-world insights that enlighten, strengthen and prolong family and private business success. For more information on the Center, participation and membership visit goering.uc.edu.