The prospects for and the effect of a comprehensive federal data privacy act remain uncertain. There are no indications that any comprehensive federal data privacy act will be considered by Congress this year, and questions and debates remain around whether federal privacy law will preempt state legislation or whether it will function as a minimum
utah
Utah Considers a Cybersecurity Safe Harbor as Ransomware Runs Riot
Last year the FTC mandated what an organization’s written cybersecurity program should include to avoid being deemed “unfair and deceptive” to consumers,[1] and this year California consumers whose personal information is compromised may file lawsuits against organizations that failed to implement “reasonable security.”[2]
But several states provide legal safe harbors to organizations with written cybersecurity programs. Now, Utah is considering joining them. Under House Bill 158, referred to as the Cybersecurity Affirmative Defense Act (the “Proposed Act”),[3] if at the time of a data breach a covered entity has created, maintained, and complied with a written cybersecurity program it has an affirmative defense to a civil tort claim.
Continue Reading Utah Considers a Cybersecurity Safe Harbor as Ransomware Runs Riot