This bill provides that a private entity is not liable in a class action resulting from an event resulting in unauthorized access to, or disruption or misuse of, an information system or nonpublic information stored on an information system unless the event was caused by willful, wanton, or gross negligence on the part of the private entity.
ON APRIL 22, 2024, THE HOUSE ADOPTED AMENDMENT #1 AND PASSED HOUSE BILL 2434, AS AMENDED.
AMENDMENT #1 establishes that a private entity is not liable in a class action lawsuit resulting from a cybersecurity event unless the cybersecurity event was caused by willful and wanton misconduct or gross negligence on the part of the private entity.