Sec. 32. (a) A licensee that satisfies the requirements of this chapter is entitled to an affirmative defense to any cause of action sounding in tort that:
(1) is brought under the laws or in the courts of this state; and
(2) alleges that the failure to implement reasonable information security controls resulted in a data breach concerning nonpublic information.
(b) The affirmative defense available under this section does not limit any other affirmative defenses available to a licensee.
As added by P.L.130-2020, SEC.10.