SB 220 - Limits Data Breach Liability in Certain Circumstances - Ohio Key Vote

Stage Details


Title: Limits Data Breach Liability in Certain Circumstances

Vote Smart's Synopsis:

Vote to pass a bill with an amendment that authorizes the use of the Blockchain to record all transactions that take place in Bitcoin or other cryptocurrency systems.

Highlights:

 

  • Authorizes transactions, records, and contracts to be tracked and recorded by Blockchain, a database that keeps track of all money transfers made on a cryptocurrency site such as Bitcoin (Sec. 2).

  • Specifies that if a business is sued because it encountered a data breach, it has an affirmative defense against the claim if it implements a cybersecurity program within 1 year that complies with an industry-recognized framework (Sec. 1).

  • Prohibits an individual from suing a company solely for failing to implement a cybersecurity program, unless another law authorizes the individual to do so (Sec. 1).

  • Requires a business to show in writing that the program complies with the National Institute of Standards and Technology (NIST) or one of several other industry-recognized frameworks (Sec. 1).

  • Amends provisions to clarify that the current version of the Payment Card Industry (PCI) Data Security Standard is also considered an industry-recognized framework for purposes of this bill (Sec. 1).

  • Specifies that a "data breach" does not include the acquisition of information for employment background checks or for searches authorized by a warrant, the court, or other regulatory state agency (Sec. 1).

  • Specifies that this bill does not impose any minimum cybersecurity standard, nor does it impose liability on companies that do not adopt practices that comply with the bill (Sec. 3).


Title: Limits Data Breach Liability in Certain Circumstances

Vote Smart's Synopsis:

Vote to pass a bill that establishes a legal safe harbor against data breach lawsuits for companies that implement an industry-recognized cybersecurity framework.

Highlights:

 

  • Specifies that if a business is sued for a data breach, it has an affirmative defense against the claim if it implements a cybersecurity program that complies with an industry-recognized framework (Sec. 1).

  • Prohibits an individual from suing a company solely for failing to implement a cybersecurity program, unless another law authorizes the individual to do so (Sec. 1).

  • Requires a business to create a cybersecurity program within 1 year of a data breach and show in writing that the program complies with the National Institute of Standards and Technology (NIST) or one of several other industry-recognized frameworks (Sec. 1).

  • Specifies that this bill does not impose any minimum cybersecurity standard, nor does it impose liability on companies that do not adopt practices that comply with the bill (Sec. 1).
