Senate Bill 220: Data Protection Act Testimony
Timothy M. Opsitnick
Technology Concepts & Design, Inc. (TCDI)
January 10, 2018
Chairman Coley and members of the Ohio Senate Government Oversight & Reform Committee, my name is Tim Opsitnick. I am the Executive Vice President & General Counsel at Technology Concepts & Design, Inc. (TCDI), a company that provides cybersecurity, data privacy, computer forensics, electronic discovery and litigation management services. My practice focuses on the investigation of data incidents and cybersecurity services. I founded a company almost twenty years ago that was recently acquired by TCDI. For thirty years, TCDI has been a leader in the marketplace, providing value to our clients through proprietary eDiscovery and litigation management software. To that end, the collection of litigation related data has encouraged TCDI to be a leader in the protection of its client data. I am proudly based in Cleveland, Ohio and I also serve on the Attorney General’s CyberOhio Advisory Board, a group composed of state industry experts and business leaders aimed at helping Ohio’s businesses fight back against cyber-attacks.
Thank you for the opportunity to provide testimony in favor of Senate Bill 220 (SB 220) on behalf of members of the Greater Cleveland Partnership (GCP) and its small business division, the Council of Smaller Enterprises (COSE). Our organization represents the most comprehensive small, middle market, and large business organizations in the state with more than 8,500 business members in Northeast Ohio.
GCP member companies have increasingly identified cybersecurity as an emerging issue and significant challenge. Over the course of the last several months, we have had encouraging dialogue, resulting in the introduction of this legislation and ultimately the organization’s support for SB 220.
We strongly support providing a legal safe harbor opportunity for covered entities that implement a specified cybersecurity program because the legislation provides an incentive to encourage businesses to achieve a higher level of cybersecurity through voluntary action. The purpose of SB 220 is to create an affirmative defense to a cause of action sounding in tort related to a data breach and it would apply to all businesses that include and comply with certain cybersecurity frameworks. The bill, also known as the Data Protection Act, is not a mandate and it would not create a minimum cybersecurity standard.
As you know, the use of technology to conduct business efficiently in the marketplace is practically unavoidable. Unfortunately, the technology we use daily is vulnerable and can be hacked. Accordingly, the consequences can have a rippling effect and can be devastating for a business of any size, in any industry – particularly for small businesses. SB 220 is a sound initiative that encourages more businesses to properly protect their business ventures, their workforce, and those with whom they do business.
The GCP will continue to proactively engage our members and the legislature on this constantly changing threat to help foster a stronger business environment in the region and beyond. Swift passage of this common-sense legislation is a worthy goal and the Greater Cleveland Partnership looks forward to playing a role in the process by educating stakeholders on the importance of this initiative.
I appreciate the opportunity to provide the perspective of our membership and I am available to answer any questions that you may have.