New data breach liability safe harbor passed in this state
There’s some good news. Businesses in one state have just received a new safe harbor to protect them from costly litigation if they get hit with a data breach.
That will help protect you (and your wallet) from lawsuits from customers – or even employees – asserting your company didn’t do enough to protect them from that compromise.
Even better: It may be the start of the trend. Here’s what you need to know.
When you’d be shielded from data breach liability
Utah’s recently-enacted Cybersecurity Affirmative Defense Act (HB80) shields companies from data breach litigation. That’s provided you were taking reasonable steps to safeguard personal info and react to threats.
A large part of that? Having a written cybersecurity plan … and following it!
Your response time counts, as well: If your organization were to take too long to respond to a threat, you’d lose your protection.
Even if you aren’t a Utah employer, your company could soon see something similar. The Beehive State is the second state to pass similar legislation.
Ohio passed a similar law in 2018, and Connecticut has one in the works. Stay tuned. We’ll keep you posted.
A cautionary tale
Data breaches are costly enough without the specter of legal action on top of them. The average cost of a data breach in 2020? $3.86 million.
Take a look at one incident that definitely would not have qualified for safe harbor protection. Back in 2019 one insurance provider discovered a breach of its servers from all the way back in 2010.
So where did things go wrong for this company?
Tech security experts pinpointed several places where things went off the rails, so you can make sure the same won’t happen within your walls:
- No regular security audits. Event logs likely wouldn’t have been kept for almost a decade, proving no regular monitoring for breaches occurred.
- Systems not refreshed or upgraded. Nine years is longer than the usual life-cycle for hardware. That means no one had been updating things. Otherwise someone would have caught the breach long before then.