Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Iowa · Chapter 554G — Tort Liability — Cybersecurity Programs

554G.1 Definitions.

790 words·~4 min read·/ia/chapter-554g-tort-liability-cybersecurity-programs/554g-1·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

As used in this chapter:
1. “Business” means any limited liability company, limited liability partnership, corporation, sole proprietorship, association, or other group, however organized and whether operating for profit or not for profit, including a financial institution organized, chartered, or holding a license authorizing operation under the laws of this state, any other state, the United States, or any other country, or the parent or subsidiary of any of the foregoing, including an entity organized under chapter 28E. “Business” does not include a municipality as defined in section 670.1.
2. “Contract” means the same as defined in section 554D.103.
3. “Covered entity” means a business that accesses, receives, stores, maintains, communicates, or processes personal information or restricted information in or through one or more systems, networks, or services located in or outside this state.
4. “Data breach” means an intentional or unintentional action that could result in electronic records owned, licensed to, or otherwise protected by a covered entity being viewed, copied, modified, transmitted, or destroyed in a manner that is reasonably believed to have or may cause material risk of identity theft, fraud, or other injury or damage to person or property. “Data breach” does not include any of the following:
a. Good-faith acquisition of personal information or restricted information by the covered entity’s employee or agent for the purposes of the covered entity, provided that the personal information or restricted information is not used for an unlawful purpose or subject to further unauthorized disclosure.
b. Acquisition or disclosure of personal information or restricted information pursuant to a search warrant, subpoena, or other court order, or pursuant to a subpoena, order, or duty of a regulatory state agency.
5. “Distributed ledger technology” means the same as defined in section 554E.1.
6. “Electronic record” means the same as defined in section 554D.103.
7. “Encrypted” means the use of an algorithmic process to transform data into a form for which there is a low probability of assigning meaning without use of a confidential process or key.
8. “Individual” means a natural person.
9. “Maximum probable loss” means the greatest damage expectation that could reasonably occur from a data breach. For purposes of this subsection, “damage expectation” means the total value of possible damage multiplied by the probability that damage would occur.
10. a. “Personal information” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, social security number, driver’s license number or state identification card number, passport number, account number or credit or debit card number, location data, biometric data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
b. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records or any of the following media that are widely distributed:
(1)Any news, editorial, or advertising statement published in any bona fide newspaper, journal, or magazine, or broadcast over radio, television, or the internet.
(2)Any gathering or furnishing of information or news by any bona fide reporter, correspondent, or news bureau to news media identified in this paragraph.
(3)Any publication designed for and distributed to members of any bona fide association or charitable or fraternal nonprofit business.
(4)Any type of media similar in nature to any item, entity, or activity identified in this paragraph.
11. “Record” means the same as defined in section 554D.103.
12. “Redacted” means altered, truncated, or anonymized so that, when applied to personal
§554G.1, TORT LIABILITY — CYBERSECURITY PROGRAMS 2
information, the data can no longer be attributed to a specific individual without the use of additional information.
13. “Restricted information” means any information about an individual, other than personal information, or business that, alone or in combination with other information, including personal information, can be used to distinguish or trace the identity of the individual or business, or that is linked or linkable to an individual or business, if the information is not encrypted, redacted, tokenized, or altered by any method or technology in such a manner that the information is anonymized, and the breach of which is likely to result in a material risk of identity theft or other fraud to person or property.
14. “Smart contract” means the same as defined in section 554E.1.
15. “Transaction” means a sale, trade, exchange, transfer, payment, or conversion of virtual currency or other digital asset or any other property or any other action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs.
Referred to in §8.93
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.