USA - Ohio
an individual, if the information is not encrypted, redacted, or altered by any method or technology in such a manner that the information is unreadable, and the breach of which is likely to result in a material risk of identity theft or other fraud to person or property.”[1] The concepts of both “personal information” and “restricted information’ are integral to the [1] Ohio Rev. Code, 1354.01(E)
foundation of the DPA in that, for a business to enjoy an affirmative defense under the DPA, the legal cause of action brought against the business seeking to employ the affirmative defense must allege a failure to implement reasonable information security controls resulted in a data breach concerning personal or restricted information.[2] Moreover, personal information is foundational to the affirmative defense in that the cybersecurity [2] Ohio Rev. Code, 1354.02(D)
https://www.mcdonaldhopkins.com/
Made with FlippingBook - PDF hosting