Several dozen LexisNexis employees helped raise nearly $1200, including matching corporate funds, for a Canadian group whose mission is to bring disparate groups together via exposure to the arts. The...
Review this exciting guide to some of the recent content additions to Practical Guidance, designed to help you find the tools and insights you need to work more efficiently and effectively. Practical Guidance...
The following article is a summary of the full checklist , available to Practical Guidance subscribers by following this link . Not yet a Practical Guidance subscriber? Sign up for a free trial here. ...
The following article is a summary of the full practice note , available to Practical Guidance subscribers by following this link . Not yet a Practical Guidance subscriber? Sign up for a free trial here...
The following is a summary of an article by Tom Spiggle, The Spiggle Law Firm Summary of AI in Employment and Regulatory Frameworks Recent years have witnessed a significant transformation in how...
Copyright © 2025 LexisNexis and/or its Licensors.
By: Chad Perlov - LEXIS PRACTICE ADVISOR
THIS ARTICLE DISCUSSES THE OHIO DATA PROTECTION Act’s (ODPA) new legal safe harbor against data breach claims and how to comply with the requirements set out in the statute. Effective November 2, 2018, businesses and nonprofit entities that create and maintain a cybersecurity program in accordance with the ODPA’s requirements can assert their compliance as an affirmative defense to any tort action brought in Ohio alleging that the failure to implement reasonable information security controls caused a data breach.1
Ohio is the first state to incentivize entities to adopt strong cybersecurity practices, rather than punish them for failing to adhere to a specific regulatory framework.2 Entities are eligible for the safe harbor if they create, maintain, and comply with a cybersecurity program that, among other things, reasonably conforms to one of the industry-recognized cybersecurity frameworks listed in the OPDA.
The ODPA applies to any business that accesses, maintains, communicates, or processes personal information or restricted information in or through one or more systems, networks, or services located in or outside of Ohio (covered entity).3
To read the full practice note in Lexis Practice Advisor, follow this link.
Chad Perlov is a Content Manager for Lexis Practice Advisor® in the Data Security & Privacy and Intellectual Property & Technology practice areas, specializing in technology transactions, data privacy, e-commerce, and IP/IT in corporate transactions. In his legal career, Chad served as general counsel for a multinational software development and IT solutions company. He has also practiced at large law firms in New York and Sydney, as well as in-house at a well-known manufacturer of household cleaning products. Chad earned his JD from the University of Colorado School of Law, where he was a member of the Colorado Law Review and a research assistant. He is admitted to practice in New York and Colorado.
For a detailed discussion on preparing data breach avoidance and response plans, see
> DATA BREACH PLANNING AND MANAGEMENT
> Data Security & Privacy > Data Breaches > Planning > Practice Notes
For guidance on preparing plans for avoidance of a data breach and how to respond in the event of a breach, see
> DATA BREACH AVOIDANCE AND RESPONSE PLAN CHECKLIST
> Data Security & Privacy > Data Breaches > Planning > Checklists
For assistance in creating a cybersecurity resilience implementation plan, see
> CYBERSECURITY RESILIENCE IMPLEMENTATION PLAN
> Data Security & Privacy > Cybersecurity Risk Management > Forms
For an example of an internal information security plan, see
> WRITTEN INFORMATION SECURITY PLAN
1. Ohio Rev. Code Ann. § 1354.02. 2. Press Release, Ohio Attorney General, Data Protection Act Will Incentivize Cybersecurity to Protect Customer Data (Nov. 3, 2017), available at https://www.ohioattorneygeneral.gov/Media/News-Releases/November-2017/Data-Protection-Act-Will-Incentivize-Cybersecurity. 3.Ohio Rev. Code Ann. § 1354.01(B).
* The views expressed in externally authored materials linked or published on this site do not necessarily reflect the views of LexisNexis Legal & Professional.