Skip to content

Utah’s New Data Breach Safe Harbor Law: What It Means and What’s to Come

Download the privacy alert

Why This Privacy Law is Important:

Data breach safe harbors are designed to encourage businesses to follow good cybersecurity practices. However, individuals and the plaintiff’s bar will continue to pursue breach litigation. The primary effect of this legislation will be to shift the focus of negligence claims from security to data retention practices. Data breach safe harbors are a relatively new phenomenon, and thus far exist in just Ohio and Utah. However, they appear to be gathering momentum. In fact, Connecticut’s legislature is currently considering legislation that essentially mirrors Ohio’s safe harbor law. This will increase the requirements for businesses to improve both their cybersecurity and data retention programs.


Under Utah’s recently passed Cyber Security Affirmative Defense Act, entities that create, maintain, and reasonably comply with a written cybersecurity program may use their compliance with their cybersecurity program as an affirmative defense to data breach claims brought under state law.

Download the Privacy Alert to the right to get the full text and expert analysis!