As cybersecurity challenges continue to evolve, many government agencies have responded by passing laws to protect consumers and their information. In the last 12 months, the state of Ohio has implemented two new rules that pertain to data protection. The hope is that laws like these will help to create a rising tide of regulation, lifting all boats in the data security sea.
Ohio’s Data Protection Act, or Senate Bill 220, went into effect in November 2018. Although it’s only voluntary, it urges businesses to implement robust cybersecurity policies that proactively protect customer data. As the law states, “Strong policies and definitive actions by businesses will help save customers from the expense, embarrassment, and harm caused by having their personal information stolen by cybercriminals.”
Ohio’s Senate Bill 273, which went into effect in March 2019, addresses cybersecurity for the insurance industry. The law requires insurance companies based in the state to deploy specific IT programs that safeguard the private information of both businesses and individuals. Ohio joins South Carolina as the second state to adopt a version of MDL-668, an Insurance Data Security Model Law drafted by the National Association of Insurance Commissioners to address high-profile data breaches in the industry.
Similar to the way that the European Union’s General Data Protection Regulation (GDPR) increased transparency around data security, IT experts hope that Ohio’s two new laws will strengthen the cybersecurity standard in the United States. In particular, Senate Bill 273 comes with strong enforcement measures for investigating data breaches and transparently reporting on the results.
Why do these new laws matter? According to Fortune magazine, 25 of the largest businesses in the world are based in Ohio, including the corporate headquarters of many insurance companies. Because they typically operate in several states, new rules about data protection in Ohio should lead to increased security in other states, as well.
In addition, the U.S. Small Business Administration estimates that nearly one million small businesses call Ohio home. Between Senate Bill 273 and the state’s Data Protection Act, those businesses will be compelled to act to better protect the information of their clients and customers.
What does this mean if your business is based in Ohio? Licensed insurance companies have one year to comply with Senate Bill 273—and six months have already passed since its enactment. If you operate in the insurance industry and aren’t sure about your company’s adherence to new cybersecurity requirements, contact a trusted IT provider like CMIT Solutions today.
What does this mean if your business IS NOT based in Ohio? New cybersecurity regulations in one place only strengthen the baseline standard in others. Businesses that take privacy-related threats seriously now will be in a better position to thrive in the future, no matter what laws apply in what municipalities.
For now, consider these basic strategies as you work toward data security for your business:
1. Partner with a trusted IT provider to audit your current data privacy system.
The best way to understand where your company stands now is to conduct an accurate assessment of current processes and policies. By doing so, you can identify high-risk areas that may require immediate action and develop more long-term strategies to implement over time.
2. Train and educate your employees on cybersecurity.
Your staff members can act as your first line of defense when it comes to data protection. Anyone who handles data can be empowered to enhance security and help the company comply with new privacy requirements.
3. Implement solutions that will strengthen data privacy.
The number of tools available to businesses is endless—but multi-layered defenses have become the norm as hackers evolve their methods of attack. Consider data encryption, strong firewalls, anti-malware and anti-spam software, network management, proactive monitoring, email archiving, and regular data backup as must-haves for any modern business.
4. Work with third-party providers who take data security seriously.
This includes email service providers, customer relationship management software, and outside agencies that assist your company with its data. Similar to the way that HIPAA rules instituted in 2013 have had a ripple effect across multiple industries, data breaches suffered by one company can have adverse impacts on its business associates.
5. Use compliance as a selling point.
The average American consumer may not know much about data privacy laws. But in this digital day and age, when everyone is concerned about the security of their information, demonstrating that your company adheres to stringent regulations can be a major competitive advantage. Once an IT provider helps your company solidify its cybersecurity protections, don’t be afraid to use those advances as a selling point.
No matter where your business is based or in which state it operates, regular advances in data security are becoming the norm. If you need help protecting your information and that of your customers, contact CMIT Solutions today. We take cybersecurity seriously, keeping track of new regulations so that their impacts can benefit your business.