Data Protection Act

(Proposed) Ohio SB 220

formerly known as "Safe Harbor"

The Data Protection Act, formerly known as “Safe Harbor”, is designed to incentivize businesses, particularly small businesses, in defending themselves against a lawsuit alleging that a data breach was caused by the business’s failure to implement reasonable information security controls.

This Act outlines strategies to comply with reasonable cyber security defenses relevant to the size and scope of a business. Not a one-size-fits-all cyber defense but instead a cyber defense that associates with each unique business.

The result is that a business can protect their files, electronic data and computer networks using a proven cyber security program and do so at a minimum cost or possibly no cost to the organization.

XLN can guide you into compliance, which benefits your business, your customers and your reputation.


The aforementioned cyber security defenses will comply with:
NIST 800-171, NIST 800-53 & 800-53A, HIPAA, GLBA and/or FISMA.