The Ohio Legislature recently passed an innovative cybersecurity law that provides an important opportunity for companies doing business in the state. The Ohio Data Protection Act (ODPA) (S.B. 220) grants an affirmative defense against data breach tort claims to those businesses that bring their cybersecurity frameworks up to an industry standard. Other states’ cybersecurity laws focus on requirements or penalties. The Ohio statute uses an affirmative defense to incentivize companies to improve their cybersecurity practices.

There are many open questions about this first-of-its-kind law. Are the industry standards it identifies sufficiently protective? Will the new affirmative defense actually convince companies to enhance their cybersecurity programs? How can businesses qualify for the affirmative defense? How will the ODPA affect data breach tort litigation in the state?

The Ohio State University Moritz College of Law Program on Data and Governance and the Cleveland-Marshall College of Law Center for Cybersecurity and Privacy Protection recently published an in-depth analysis of the ODPA ( They are hosting an event at which expert legal practitioners and cybersecurity professionals—including some of the architects of the legislation—will explore the history and components of the ODPA, how businesses can obtain the affirmative defense, and the Act’s practical and policy implications.

Refreshments provided.

CLE Pending: 2.0 Hours

This event is made possible with generous support from Microsoft