Wednesday August 8th, 2018 11:10 Affirmative security defense FTW

I didn’t notice this until the election coverage last night brought it bubbling up, but it appears that Ohio has created an affirmative legal defense for data breaches in cases where the company took the reasonable steps necessary to protect themselves.

Computer law badass Sharon Nelson has more detail and insight on this, but generally reaches the same conclusion I did:

About damn time.

Let me explain. No, there is too much. Let me sum up:

If you’re the sec person/on the sec team and you’re all

but then some attackers come at you like

and they’re really clever, so you go

then your users are all

but you show them this new law like

and the lawyers got your back, tellin users

so your company can be all

Los Commentos, as the French say

Your name

Your email

Your URL

Whois

IT guy, dev, designer, writer.

Got a degree in print journalism from UF but history dealt some bad cards to that industry, so I moved back to an earlier love: the computer.

Was recently at ZMOS Networks, but am now the Senior IT Associate at the Edna McConnell Clark Foundation.

My name is moderately common, as are a couple screen names, so always look for the logo to make sure you're reading something with official Km approval.

You can get to me directly with kyle(@)kylemitchell.org