Senate Bill (S.B.). 220, known as the Data Protection Act, was recently passed in the state of Ohio to incentivize businesses to attain a “higher level of cybersecurity” by maintaining a compliant cybersecurity program. If a firm is sued post data breach for not having information security controls in place, the firm can then state its compliance with the cybersecurity control as an affirmative defense.
S.B. 220 serves as a potent reminder for firms to implement robust cybersecurity to protect their information. Also, now is a great time to look at current cybersecurity plans and determine how to enhance them. Determine possible risk areas in your firm and make sure there is an appropriate IRP in place to help prepare. Compliance with industry standards provides immediate value to a firm in a myriad of ways from lower total IT expenditure, insulation against risk, preservation of the firm’s reputation, improved uptime, operational consistency, and more. If your firm is ready to make sure they have the proper measures in place, please reach out to firstname.lastname@example.org.