Review this exciting guide to some of the recent content additions to Practical Guidance, designed to help you find the tools and insights you need to work more efficiently and effectively. Practical Guidance...
By: Romaine Marshall and Jennifer Bauer , Polsinelli PC This article addresses the broad scope of artificial intelligence (AI) laws in the United States that focus on mitigating risk, and discusses the...
By: Bijan Ghom , Saxton & Stump This article addresses existing deepfake technology and covers topics such as the available platforms to both create and detect deepfakes and the best practices for...
By: Ellen M. Taylor , SLOAN SAKAI YEUNG & WONG LLP THIS ARTICLE ADDRESSES THE BROAD SCOPE OF artificial intelligence (AI) laws in the United States that focus on mitigating risk. AI-driven employment...
By: Jessica Bishop and Sarah Stothart , GOODMANS LLP This checklist provides an overview of key legal considerations attorneys should review when advising clients on negotiating and drafting contracts...
Copyright © 2025 LexisNexis and/or its Licensors.
By: Chad Perlov - LEXIS PRACTICE ADVISOR
THIS ARTICLE DISCUSSES THE OHIO DATA PROTECTION Act’s (ODPA) new legal safe harbor against data breach claims and how to comply with the requirements set out in the statute. Effective November 2, 2018, businesses and nonprofit entities that create and maintain a cybersecurity program in accordance with the ODPA’s requirements can assert their compliance as an affirmative defense to any tort action brought in Ohio alleging that the failure to implement reasonable information security controls caused a data breach.1
Ohio is the first state to incentivize entities to adopt strong cybersecurity practices, rather than punish them for failing to adhere to a specific regulatory framework.2 Entities are eligible for the safe harbor if they create, maintain, and comply with a cybersecurity program that, among other things, reasonably conforms to one of the industry-recognized cybersecurity frameworks listed in the OPDA.
The ODPA applies to any business that accesses, maintains, communicates, or processes personal information or restricted information in or through one or more systems, networks, or services located in or outside of Ohio (covered entity).3
To read the full practice note in Lexis Practice Advisor, follow this link.
Chad Perlov is a Content Manager for Lexis Practice Advisor® in the Data Security & Privacy and Intellectual Property & Technology practice areas, specializing in technology transactions, data privacy, e-commerce, and IP/IT in corporate transactions. In his legal career, Chad served as general counsel for a multinational software development and IT solutions company. He has also practiced at large law firms in New York and Sydney, as well as in-house at a well-known manufacturer of household cleaning products. Chad earned his JD from the University of Colorado School of Law, where he was a member of the Colorado Law Review and a research assistant. He is admitted to practice in New York and Colorado.
For a detailed discussion on preparing data breach avoidance and response plans, see
> DATA BREACH PLANNING AND MANAGEMENT
> Data Security & Privacy > Data Breaches > Planning > Practice Notes
For guidance on preparing plans for avoidance of a data breach and how to respond in the event of a breach, see
> DATA BREACH AVOIDANCE AND RESPONSE PLAN CHECKLIST
> Data Security & Privacy > Data Breaches > Planning > Checklists
For assistance in creating a cybersecurity resilience implementation plan, see
> CYBERSECURITY RESILIENCE IMPLEMENTATION PLAN
> Data Security & Privacy > Cybersecurity Risk Management > Forms
For an example of an internal information security plan, see
> WRITTEN INFORMATION SECURITY PLAN
1. Ohio Rev. Code Ann. § 1354.02. 2. Press Release, Ohio Attorney General, Data Protection Act Will Incentivize Cybersecurity to Protect Customer Data (Nov. 3, 2017), available at https://www.ohioattorneygeneral.gov/Media/News-Releases/November-2017/Data-Protection-Act-Will-Incentivize-Cybersecurity. 3.Ohio Rev. Code Ann. § 1354.01(B).