Cybersecurity » States Beginning to Legislate Cybersecurity

States Beginning to Legislate Cybersecurity

January 15, 2019

Ohio has become the first state to legislate incentives for corporate entities to develop and implement effective data privacy and cybersecurity procedures. As of November 1, 2018, an organization can claim an affirmative defense to a lawsuit that alleges a data breach was caused by failure to implement a cybersecurity framework if that organization has a cybersecurity program that reasonably complies with one of several industry-recognized cybersecurity frameworks, which are listed in the Act. California and Colorado now have cybersecurity legislation on the books. California’s is effective on January 1, 2020, and is similar to the Colorado law that went into effect last September. That law requires businesses and government agencies to maintain a written policy describing how they will dispose of personally identifiable information, notify consumers of a data breach within 30 days of the breach, and take reasonable steps to protect the PII it maintains. PII is defined broadly. It includes social security numbers, passwords, pass codes, driver’s license numbers, passport numbers, biometric data, and financial account numbers.

Read full article at:

Sign up for our free Daily Updates newsletter for the latest news and business legal developments.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top