Nov 12


Ohio’s Data Protection Act, Why It Matters

In 2017, 61% of small businesses experienced a cyberattack and small- to mid-size businesses spent an average of $1 million as a result of the damage done from cyberattacks. Ohio’s Data Protection Act was conceived in response to cyber threats on businesses and was introduced as a result of GCP volunteer leadership and Ohio Attorney General Mike DeWine’s CyberOhio initiative.

Launched in 2016, the goal of CyberOhio is to help foster a legal, technical and collaborative cybersecurity environment to help Ohio businesses thrive. The Data Protection Act was signed into law in August 2018 (effective November 2, 2018) and it encourages businesses to voluntarily adopt strong cybersecurity practices to protect consumer data. In addition, it specifies industry-recognized security frameworks for business owners in Ohio to incorporate into their cybersecurity policies. 

With effective protections against this type of business-related crisis, customers can be spared the expense, embarrassment and harm caused by having their information compromised.  An incentive to businesses owners who establish a cybersecurity program that meets one of the act’s requirements is that the business is eligible to use the affirmative defense in the event of a lawsuit filed due to a data breach.  And, the initiative is inherently flexible. Under this act, a cybersecurity program is scalable to each business based on: size, complexity, nature, cost, and resources.

Lastly, and importantly, language was included that generally states:  
• "A record or contract that is secured through blockchain technology is considered to be … an electronic record.”
• “A signature that is secured through blockchain technology is considered to be … an electronic signature.”

Learn more about the Data Protection Act, why the GCP led the way in support of it, and how it could help safeguard your business.