This year, the Iowa legislature turned its attention to a variety of cyber security issues including Senate File 262, a new Iowa privacy law, joining California, Colorado, Connecticut, Utah, and Virginia to broadly protect consumer data. In addition to this broader law, the Iowa legislature amended Iowa Code 554G.1 to include affirmative defenses in claims relating to data breaches.

When hackers attack, there are always multiple concerns for your business - operations, keeping your data intact, customer access, publicity, reputational damage, and more. While the new statute won’t help with the immediate chaos triggered by a ransomware attack, it can help down the road in the case of a customer lawsuit involving lost or compromised data. An affirmative defense allows you to say you did your best and should not be held liable.

While an affirmative defense can be incredibly useful, the downside of any codified affirmative defense is that in many instances, it could be used to argue about a standard for what your cybersecurity program should look like. This is especially true in cyber law As we have seen nationally, the laws rarely keep pace with the industry, sending courts non-codified standards in various cases. Failure to meet those unspecified standards can sometimes be used as an indication of liability.

Written Cybersecurity Programs

Section 554.G.2 states that to utilize an affirmative defense, the business “shall create, maintain and comply with a written...

Read Full Story: https://news.google.com/rss/articles/CBMihQFodHRwczovL3d3dy5kZW50b25zLmNvbS9l...