Recently states have begun to adopt broad statutes to fill the void created by a lack of effective Congressional action to protect electronically stored personal data. These new enactments impose new duties on companies that obtain personal data and new remedies for individuals when those companies are hacked. Shareholder Denise Dickerson and Associate Derek Hartman cover these issues in this month’s cover story in the Defense Research Institute’s December 2020 edition of “For the Defense.” It contains an informative summary of these recent statutes. In addition, it discusses important recent cases, illustrating the contours of the substantial financial impact these statutes can have on companies, when user or customer personal data is hacked and how some states have created safe harbor protections for companies following good data management practices, such as those included in “Insurance Data Security Model Law,” which has been adopted by Ohio and several other states. The article can be accessed here.