Bill Text: IA SF2252 | 2019-2020 | 88th General Assembly | Introduced
Bill Title: A bill for an act providing for an affirmative defense to certain claims relating to personal information security breach protection. (Formerly SF 2073.)
Spectrum: Committee Bill
Status: (Introduced - Dead) 2020-02-13 - Committee report, approving bill. S.J. 309. [SF2252 Detail]
Download: Iowa-2019-SF2252-Introduced.html
Senate
File
2252
-
Introduced
SENATE
FILE
2252
BY
COMMITTEE
ON
JUDICIARY
(SUCCESSOR
TO
SF
2073)
A
BILL
FOR
An
Act
providing
for
an
affirmative
defense
to
certain
claims
1
relating
to
personal
information
security
breach
protection.
2
BE
IT
ENACTED
BY
THE
GENERAL
ASSEMBLY
OF
THE
STATE
OF
IOWA:
3
TLSB
5597SV
(1)
88
ja/rn
S.F.
2252
Section
1.
Section
715C.2,
subsection
9,
paragraph
a,
Code
1
2020,
is
amended
to
read
as
follows:
2
a.
A
violation
of
this
chapter
section
is
an
unlawful
3
practice
pursuant
to
section
714.16
and,
in
addition
to
the
4
remedies
provided
to
the
attorney
general
pursuant
to
section
5
714.16,
subsection
7
,
the
attorney
general
may
seek
and
obtain
6
an
order
that
a
party
held
to
violate
this
section
pay
damages
7
to
the
attorney
general
on
behalf
of
a
person
injured
by
the
8
violation.
9
Sec.
2.
NEW
SECTION
.
715C.3
Affirmative
defense
for
10
implementation
of
cyber
security
program.
11
1.
It
is
an
affirmative
defense
to
any
claim
or
action
12
alleging
that
a
person’s
failure
to
implement
reasonable
13
security
measures
resulted
in
a
breach
of
security,
that
the
14
person
established,
maintained,
and
complied
with
a
written
15
cyber
security
program
that
conforms
to
current
and
accepted
16
industry
standards
regarding
cyber
security
and
personal
17
information
security
breach
protection,
including
the
national
18
institute
of
standards
and
technology’s
framework
for
improving
19
critical
infrastructure
cyber
security.
20
2.
An
affirmative
defense
under
this
section
shall
be
21
established
by
a
preponderance
of
the
evidence.
22
3.
This
section
shall
not
be
construed
to
create
a
private
23
right
of
action
with
respect
to
a
breach
of
security.
24
EXPLANATION
25
The
inclusion
of
this
explanation
does
not
constitute
agreement
with
26
the
explanation’s
substance
by
the
members
of
the
general
assembly.
27
This
bill
establishes
an
affirmative
defense
to
any
claim
28
or
action
alleging
that
a
person’s
failure
to
implement
29
security
measures
resulted
in
a
breach
of
security
that
the
30
person
established,
maintained,
and
complied
with
a
cyber
31
security
program
that
conforms
to
current
and
accepted
industry
32
standards
regarding
cyber
security,
including
the
national
33
institute
of
standards
and
technology’s
framework
for
improving
34
critical
infrastructure
cyber
security.
35
-1-
LSB
5597SV
(1)
88
ja/rn
1/
2
S.F.
2252
The
bill
provides
that
an
affirmative
defense
under
the
bill
1
shall
be
established
by
a
preponderance
of
the
evidence.
The
2
bill
also
provides
that
it
shall
not
be
construed
to
create
a
3
private
right
of
action
with
respect
to
personal
information
4
security
breaches.
5
-2-
LSB
5597SV
(1)
88
ja/rn
2/
2
