Most people do not regard their cybersecurity and privacy documentation as a proactive security measure.
On the contrary, many oftentimes view documentation as a passive effort that offers little protection to a company, generally an afterthought that must be addressed to appease compliance efforts.
Where documentation may get some much-needed attention is through Ohio’s recent passing of the Ohio Data Protection Act (ODPA), legislation which supports the premise of properly scoped cybersecurity and privacy documentation being used as an offensive tool to reduce risk. This article covers the real-world, strategic advantage of what good cybersecurity and privacy documentation can offer.
The ODPA brings a novel approach to data protection laws in the United States.
Unlike earlier Oregon and Massachusetts state data protection laws that contain checklists of mandatory requirements, Ohio passed a law that (1) does not create a minimum set of cybersecurity requirements and (2) is optional for businesses to follow.