Ohio Code 3965.08 – Affirmative defense
(A) A licensee that satisfies the provisions of this chapter shall be entitled to an affirmative defense to any cause of action sounding in tort that is brought under the laws of this state or in the courts of this state and that alleges that the failure to implement reasonable information security controls resulted in a data breach concerning nonpublic information.
Terms Used In Ohio Code 3965.08
- Licensee: includes an insurer. See Ohio Code 3965.01
- Nonpublic information: means information that is not publicly available information and is one of the following:
(1) Business-related information of a licensee the tampering with, unauthorized disclosure of, access to, or use of which, would cause a material adverse impact to the business, operation, or security of the licensee;
(2) Information concerning a consumer that because of the name, number, personal mark, or other identifier contained in the information can be used to identify that consumer in combination with any one or more of the following data elements:
(a) Social security number;
(b) Driver's license, commercial driver's license, or state identification card number;
(c) Account, credit card, or debit card number;
(d) Any security code, access code, or password that would permit access to the consumer's financial account;
(e) Biometric records. See Ohio Code 3965.01
- state: means the state of Ohio. See Ohio Code 1.59
- Tort: A civil wrong or breach of a duty to another person, as outlined by law. A very common tort is negligent operation of a motor vehicle that results in property damage and personal injury in an automobile accident.
(B) The affirmative defenses permitted under this section shall not limit any other affirmative defenses available to a licensee.