Iowa businesses have a great new bill to consider that can allow entities to avoid liability for data breaches if they can show that they have implemented reasonable cybersecurity measures.
Iowa House File 553 (HF553) is a bill that was introduced in the Iowa House of Representatives in March 2023. It was signed into law by Governor Kim Reynolds on May 3, 2023, effective July 1st. The bill establishes affirmative defenses for entities that use cybersecurity programs. These affirmative defenses would allow entities to avoid liability for data breaches if they can show that they had implemented reasonable cybersecurity measures.
The bill is intended to encourage entities to invest in cybersecurity measures by providing them with legal protection if they are hacked. The bill also aims to help protect consumers from the financial and other consequences of data breaches.
Here is a summary of the key provisions of HF553:
- Creates affirmative defenses for entities that use cybersecurity programs
- Defines “reasonable” cybersecurity program
- Requires entities to maintain documentation of their cybersecurity programs
HF553 is a significant piece of legislation that could have a major impact on cybersecurity in Iowa. The bill is expected to encourage entities to invest in cybersecurity measures and to help protect consumers from the consequences of data breaches.
At Bound Planet, we have strong familiarity with planning, implementing, and maintaining NIST SP 800-171, NIST SP 800-53, 800-53a, and the Center for Internet Security (CIS) Controls referenced within HF553. If you are an Iowa-based business looking for assistance in taking advantage of these new provisions, we would be happy to assist. Feel free to reach out for a free consultation!