Hackett Bill Aimed at Incentivizing Increased Cybersecurity for Businesses Signed by Governor
COLUMBUS—The Governor today signed Senate Bill 220, sponsored State Senator Bob Hackett
(R-London), to create an incentive for businesses to attain a higher level of cybersecurity through voluntary action, creating better protection for their customer information.
“Senate Bill 220 will improve Ohio’s business climate while better protecting all Ohioans,” said Hackett. “I am pleased to see this important piece of legislation was signed into law today to help lead Ohio businesses to focus on cyber protections and to invest more resources the right way – following comprehensive best practices and industry-specific frameworks.”
To provide guidance to businesses, Senate Bill 220 provides different industry-recognized cybersecurity frameworks which a business can follow when creating its own cybersecurity program. In order to receive the benefit of the safe harbor, a business must create its own cybersecurity program.
The legislation provides an affirmative defense to a lawsuit which alleges a data breach that was caused by a business' failure to implement reasonable information security controls.
Businesses are only required to incorporate one of the frameworks into the business’ cybersecurity program. Further, businesses are free to choose whichever framework best fits their information security controls.