In anticipation of the Utah State Legislature’s proposed Cybersecurity Affirmative Defense Act, Nexus IT CEO, Earl Foote, and VP of Business Relations, Travis Gunn, discussed the upcoming bill on the Park City Television platform. According to Earl Foote, if the bill passes, Utah businesses will have access to a type of “safe harbor” when it comes to cybersecurity and compliance liability, assuming that the business has been a good steward of the data that they store for employees and/or clients. Earl Foote and Travis Gunn provide an in-depth look at the bill in question, discussing the various advantages it would offer local businesses and how it would fit into the general landscape of cybersecurity laws in Utah.
In today’s increasingly digital world, data breaches are a frequent occurrence that can result in the exposure of business’ confidential information, whether it pertains to employees, clients, finances or other sensitive topics. The Utah Cybersecurity Affirmative Defense Act is designed to absolve businesses of the liability that they would face if data were exposed and the business was taken to court.
According to the bill, compliant businesses would follow what is called a “written information security program” — or WISP — to outline their cybersecurity measures and adhere to them in efforts to reduce cybersecurity risks. Earl Foote highlights that if this bill is passed, it will help Utah businesses continue to be top performers in the nation, and that the act is in line with a number of business-friendly practices in the state.
While the Cybersecurity Affirmative Defense Act and WISP may seem like a “get out of jail free” card for businesses to bypass liability, Earl Foote and Travis Gunn reiterate that in order for businesses to be absolved of their liability, they must first be “good stewards” of the data that they store. This means establishing a WISP plan each year and following it so that cybersecurity risks are kept as low as possible.
However, there are some situations in which the bill would not protect businesses — for example, the bill would not necessarily absolve businesses of their liability if they are taken to court on a federal level. The bill reinforces Utah’s 2006 Data Security and Personal Information Protection Act, which states that businesses that transact, process and store data must take steps to protect their data, or they can be held liable for negligence.
Since 1998, Nexus IT has been providing small-and-midsize businesses in Utah with top-tier managed IT, cloud support, compliance and cybersecurity services that surpass their competition. By staying up-to-date with proposed cybersecurity legislation like the Cybersecurity Affirmative Defense Act, Nexus IT can help your business stay on the cutting edge of your industry while limiting your liability in case of a data breach.
To learn more about how your business can stay compliant with industry regulations while enjoying superb IT services, connect with our friendly team at Nexus IT by calling (801) 839-7006 or filling out our quick contact form today. We can’t wait to get started!