To limit the data-breach liability of individuals, institutions and organizations that maintain or access personal information about others if they “established, maintained, and reasonably complied with a written cybersecurity program that contains administrative, technical, and physical safeguards” as described in the bill. The bill would establish as the “strong policy of this state” to “incentivize conformance to a recognized cybersecurity standard or framework”.   Official Text and Analysis.

With the recommendation that the substitute (S-1) be adopted and that the bill then pass.