Last November, Taft’s Scot Ganow and Bill Wagner wrote on Ohio first-of-its kind state legislation which would provide companies a safe harbor from some litigation resulting from a data breach. This month, Governor John Kasich signed the Ohio Senate Bill 220, also known as the Ohio Data Protection Act, into law. The law goes into effect in December, and is aimed at providing Ohio businesses with special protection from litigation in the event of a security incident or … Read More
Here are three takeaways for your business from the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure signed on May 11, 2017.
1. Incorporate the NIST Cybersecurity Framework into your business.
The Executive Order requires federal agencies to use the well-established NIST Cybersecurity Framework to fulfill their mission to protect federal networks and critical infrastructure and to appropriately plan for and procure cybersecurity training, products, and services for the future.
As background, the Framework was … Read More
The Department of Justice Cybersecurity Unit recently issued its “best practices” for cybersecurity incidents, while the SEC recently circulated a cybersecurity “guidance update.” These publications recommend that companies institute certain policies and procedures for cybersecurity based on each agency’s experience in the area.
The agencies’ suggestions are good ones. More importantly, like NIST’s Cybersecurity Framework, such recommendations may become de facto standards that regulators, courts, and juries look to when they assess whether your company’s … Read More