[ Tuesday, April 13, 2021 ]


Legislation and regulations generally require certain behaviors; the threat of fines, jail time, and lawsuits is often enough to spur compliance.  But sometimes, in order to obtain specific behavior over and above the minimum requirements, legislatures will give benefits in addition to penalties, adding a carrot along with the stick.

Utah has just done so with regard to companies that suffer a data breach.  If the data holder creates, maintains, and complies with a reasonable cybersecurity program, including safeguards in a framework at an appropriate scale for the data holder, that can serve as a defense for a suit relating to a data breach.

Utah and Ohio now have such laws; I'd expect a few states (particularly red ones) to adopt similar legislation in the coming years.

Jeff [7:57 AM]
