Civil Actions - Affirmative Defenses - Business Data Breaches
Impact
The impact of SB973 on state laws is significant. It establishes legal guidelines for businesses in the context of data breaches, explicitly allowing them to defend against liability claims if they can demonstrate that they had implemented an appropriate cybersecurity program. This move aims to encourage businesses to adopt better data protection practices, potentially reducing incidents of identity theft and other cyber crimes.
Summary
Senate Bill 973, titled 'Civil Actions - Affirmative Defenses - Business Data Breaches', seeks to provide business entities with an affirmative defense against civil claims arising from data breaches. The bill defines a 'covered entity' as both for-profit and nonprofit businesses that handle personal information or restricted information. If a data breach occurs, a covered entity can assert this affirmative defense provided they maintain a compliant cybersecurity program at the time of the breach.
Contention
Notably, the bill does not create a private right of action for individuals who suffer from data breaches, which has raised concerns among consumer advocacy groups. Critics argue that without the ability for individuals to hold businesses accountable, there might be less incentive for these entities to invest in robust cybersecurity measures. This aspect of the bill may lead to a significant legal debate about the balance between protecting business interests and safeguarding consumer rights.
A bill for an act relating to affirmative defenses for entities using cybersecurity programs and electronic transactions recorded by blockchain technology.(See SF 495.)