A Potential Trend in the Making? Utah Becomes the Second State to Enact Data Breach Safe Harbor Law Incentivizing Companies to Maintain Robust Data Protection Programs
Today, the question is no longer a matter of “if,” but “when,” a company will fall victim to a successful security incident. Over the years, lawmakers have struggled with devising effective methods and incentives for companies to enhance their data protection programs without mandating one-size-fits-all requirements that undercut effective data security management.
Earlier this year, Utah enacted a new data security statute—the Utah Cybersecurity Affirmative Defense Act (“CADA”)—which accomplishes just that goal. With the CADA—the second law of its kind to be enacted in the United States—Utah businesses are now afforded a safe harbor against certain causes of action that commonly arise in data breach class action litigation where the entity maintains reasonable data protection measures to safeguard sensitive personal information at the time of the incident. From a broader perspective, the passage of the CADA may influence other states to follow Utah’s lead and enact similar laws of their own.
To read the full article, please click here.
“A Potential Trend in the Making? Utah Becomes the Second State to Enact Data Breach Safe Harbor Law Incentivizing Companies to Maintain Robust Data Protection Programs,” by David J. Oberly, was published in the ABA TIPS Cybersecurity & Data Privacy Committee Newsletter (Summer 2021). Reprinted with permission.