715.9 Ransomware prohibition. 1. A person shall not intentionally, willfully, and without authorization do any of the following: a. Access, attempt to access, cause to be accessed, or exceed the person’s authorized access to all or a part of a computer network, computer control language, computer, computersoftware, computer system, or computer database. b. Copy, attempt to copy, possess, or attempt to possess the contents of all or part of a computer database accessed in violation of paragraph 'a'. 2. A person shall not commit an act prohibited in subsection 1 with the intent to do any of the following: a. Cause the malfunction or interruption of the operation of all or any part of a computer, computer network, computer control language, computer software, computer system,computer service, or computer data. b. Alter, damage, or destroy all or any part of data or a computer program stored, maintained, or produced by a computer, computer network, computer software, computersystem, computer service, or computer database. 3. A person shall not intentionally, willfully, and without authorization do any of the following: a. ter, computer network, computer software, computersystem, computer service, or computer database. 3. A person shall not intentionally, willfully, and without authorization do any of the following: a. Possess, identify, or attempt to identify a valid computer access code.b. Publicize or distribute a valid computer access code to an unauthorized person.4. A person shall not commit an act prohibited under this section with the intent to interrupt or impair the functioning of any of the following: a. The state.b. A service, device, or system related to the production, transmission, delivery, or storage of electricity or natural gas in the state that is owned, operated, or controlled by a personother than a public utility as defined in chapter 476. c. A service provided in the state by a public utility as defined in section 476.1, subsection 2. d. A hospital or health care facility as defined in section 135C.1.e. A public elementary or secondary school, community college, or area education agency under the supervision of the department of education. f. A city, city utility, or city service. g. An authority as defined in section 330A.2.5. ary school, community college, or area education agency under the supervision of the department of education. f. A city, city utility, or city service. g. An authority as defined in section 330A.2.5. This section shall not apply to the use of ransomware for research purposes by a person who has a bona fide scientific, educational, governmental, testing, news, or othersimilar justification for possessing ransomware. However, a person shall not knowinglypossess ransomware with the intent to use the ransomware for the purpose of introductioninto the computer, computer network, or computer system of another person without theauthorization of the other person. 6. A person who has suffered a specific and direct injury because of a violation of this section may bring a civil action in a court of competent jurisdiction. a. In an action under this subsection, the court may award actual damages, reasonable attorney fees, and court costs. b. A conviction for an offense under this section is not a prerequisite for the filing of a civil action. 2023 Acts, ch 77, §7NEW section Sat Dec 23 12:30:09 2023 Iowa Code 2024, Section 715.9 (2, 2)
Iowa Legal Code