To embed, copy and paste the code into your website or blog: In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons (defined below) facing a cause of action arising out of a breach of system security, and establishing the requirements for asserting such a defense. In short, the Act seeks to incentivize individuals, associations, corporations, and other entities (“persons”) to maintain reasonable safeguards to protect personal information by providing an affirmative defense in litigation flowing from a data breach. More specifically, a person that creates, maintains,