This story originally appeared on Drata and was produced and distributed in partnership with Stacker Studio.
The status of new cybersecurity laws proposed in Utah
As employers in the private and public sectors adjust to the advent of flexible work over the last two years, they're simultaneously trying to protect their organizations from attackers looking to steal and sell data.
2021 was a year defined by significant cyberattacks that crippled infrastructure and shut down hospitals, schools, and municipal governments. It's the same year the Colonial Pipeline, which supplies gasoline to millions living in the Northeast U.S., was hobbled by a ransomware attack that triggered a gas panic and elevated prices for consumers.
And lawmakers were paying attention—passing dozens of laws in 2022 aimed at training workers, securing government agencies, and funneling money into cybersecurity education programs.
Drata compiled a list of new cybersecurity-related legislation in Utah through February 2023 based on data collected by the National Conference of State Legislatures.
States that passed the most cybersecurity legislation in the past year:
#1. Maryland - 8 laws enacted
#2. Florida - 4
#3 (tie). Virginia - 3
#3 (tie). Kentucky - 3
Utah new cybersecurity laws in 2022
- Bills enacted: 2
- Bills failed: 1
- Bills vetoed: 0
UT HB 280
- Description: Creates the Cybersecurity Commission to gather information and share best practices on cybersecurity, repeals the Data Security Management Council, creates the Cybersecurity Commission, directs the appointment of members to the commission, directs the commission to gather information about cybersecurity, authorizes the commission to share information it gathers with the governor, directs the commission to establish guidelines and best practices with respect to cybersecurity protections.
- Read more about the bill here
UT SB 15
- Description: Amends provisions relating to the Department of Government Operations, permits the Data Security Management Council to hold a closed meeting to conduct business relating to information technology security, modifies provisions relating to rulemaking authority, clarifies provisions relating to the setting of rates and fees, clarifies provisions relating to risk management, modifies provisions relating to the duties of the Division of Archives and Records Services.
- Read more about the bill here