Amber Thomson, Liisa Thomas, Elfin Noce, and Kari Rollins of SheppardMullin write:
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do business in Ohio and goes into effect today, March 20, 2019 (the first day of Spring). Companies have, under the law, a year to put the security measures into place. The law, like the NAIC model, requires insurance providers to take several steps to protect personal information, including conducting risk assessments and having a written information security program and incident response plan.
Read more on Eye on Privacy.