top of page

Ohio Data Protection Act

In 2018, Ohio enacted the its Data Protection Act under which companies can get safe harbor from tort claims by compiling with one of below cyber security programs:

1. The NIST Cybersecurity Framework.

2. NIST Special Publication 800-171, or 800-53 and 800-53a.

3. The FedRAMP Security Assessment Framework.

4. The CIS (Center for Internet Security) Controls.

5. ISO 27000 Security Management Standards

Businesses that have sites on which financial transactions can be made, must also comply with Payment Card Industry’s Data Security Standards (PCI-DSS). A safe harbor affirmative defense is also available to businesses that meet the security requirements of HIPAA, and the Gramm -Leach-Bliley Act.


bottom of page