"Cyber safe harbor: What to know about Ohio's new data protection law"
Israel Arroyo Jr. spent 20 years in the Marine Corps working as a signals intelligence analyst supporting the National Security Agency. Today, he’s still running drills and “war games,” but now they’re for clients of his private business, Stealth Entry Cyber Security Solutions.
His experience allowed him to land the U.S. Department of Defense as his biggest customer, but he also works with small- and medium-size businesses that need help warding off hackers and understanding the risks of the ever-changing digital landscape.
Ohio’s new Data Protection Act, he says, will prompt some of those smaller companies to work harder to protect customer information, now that there’s a liability safe harbor for maintaining certain cybersecurity programs.
“Customers are worried. They are taking this act seriously and it is in their favor,” he said. “The difference between a big business and a small business is one breach. One breach can do so much damage to a small company that it puts them out of business. Your larger businesses – Amazon, Target, Home Depot – they can survive it.”
Senate Bill 220 was signed into law in August. According to the Ohio Attorney General’s Office, it provides an “affirmative defense” for companies that adhere to certain cybersecurity protocols – think frameworks or action plans. Those include the Health Insurance Portability and Accountability Act, the Payment Card Industry Standard and the National Institute of Standards and Technology.
Click here to read the full article, including Jim's quote, from Columbus Business First (subscription required)