I didn’t notice this until the election coverage last night brought it bubbling up, but it appears that Ohio has created an affirmative legal defense for data breaches in cases where the company took the reasonable steps necessary to protect themselves.
Computer law badass Sharon Nelson has more detail and insight on this, but generally reaches the same conclusion I did:
About damn time.
Let me explain. No, there is too much. Let me sum up:
If you’re the sec person/on the sec team and you’re all
but then some attackers come at you like
and they’re really clever, so you go
then your users are all
but you show them this new law like
and the lawyers got your back, tellin users
so your company can be all