Why safe harbor is the best way forward for data protection

Data breach notification regulations are now common in all 50 states, as well as the District of Columbia, Guam, Puerto Rico, and the Virgin Islands. Even so, states continue to tweak these policies once they are in place. For example, 22 states have submitted or are considering proposals to alter existing laws this year.


Many of the changes focus on reducing the amount of time allowed for giving notice of a breach, broadening who must report a breach, redefining what constitutes personal information, and requiring breaches to be reported to the state's attorney general or another agency. Some states are considering giving businesses incentives to improve their security by granting them an affirmative defense in civil lawsuits if acceptable security techniques were in place at the time of the data leak. It can be tough to persuade companies to take data privacy seriously, which is why an incentive is on offer. Here's why using so-called safe harbor laws to incentivize data protection is the best way to improve cybersecurity.

Safe harbor for meeting standards

Unlike states such as California and Colorado, which have taken a punitive approach, states that use the incentive method strive to encourage improved levels of cybersecurity by establishing a "safe harbor" from data breach litigation tied to industry or government security standards.

Georgia, New Jersey, Illinois, and Connecticut are among the states contemplating affirmative defense legislation this year. Nevada voted down a bill that would have shielded businesses from liability for damages if they implemented specific security controls or standards. Meanwhile, in Utah, a bill establishing an affirmative defense was passed.

The Utah act does not provide any affirmative defense if the person had actual notice of a threat or hazard to the security, confidentiality, or integrity of personal information; if the person did not act in a reasonable amount of time to take known remedial efforts to protect the personal information against the threat or hazard; or if the threat or hazard resulted in a breach of system security. These exclusions serve as a reminder that a cybersecurity program is not something that can be written and then forgotten about. They also remind businesses that cybersecurity initiatives are a risk management tool for a company.

The Cybersecurity Affirmative Defense Act (HB80) amends Utah's data breach notification statute by defining multiple affirmative defenses for persons facing a cause of action stemming from a breach of system security, as well as the standards for raising such a defense.

The act's principal goal is to encourage people, associations, corporations, and other entities to keep adequate precautions in place to protect personal information by offering an affirmative defense in a data breach action. An individual who designs, maintains, and complies with a written cybersecurity program that was in place at the time of the intrusion will be rewarded.

Utah isn't the only state that has established an affirmative defense to data breach lawsuits. The Ohio Data Protection Act (SB 220) was enacted in 2018, providing a similar safe harbor for organizations that build and maintain "reasonable" cybersecurity protections.

According to a "client alert" published at the time the Ohio law was enacted, to qualify for the defense a business must implement written cybersecurity measures designed to protect the security and confidentiality of personal information and to protect against any anticipated threats or hazards to the security or integrity of the personal information.

Protections are good but limited

Because the law's protections are significantly restricted in breadth, even firms with effective cybersecurity programs remain exposed to statutory violations, such as those involving data breach reporting requirements, and to claims based on contract, such as a business-vendor dispute.

The laws in New York are comparable to those in Utah and Ohio, but they are narrower. New York's Stop Hacks and Improve Electronic Data Security Act, which goes into effect in 2020, mandates that organizations that collect data maintain reasonable security, in accordance with applicable regulatory schemes such as the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act, which requires financial institutions to explain their information-sharing practices to their customers.

All in on what works for data privacy protection

I'm all for using an affirmative defense approach if it drives corporations to act and adopt data privacy safeguards. Developing, maintaining, and adhering to a thorough data protection program is a vital risk management and legal compliance step they should take, and one that could help them avoid litigation in the event of a data breach.
