2017 Indiana Code
TITLE 24. Trade Regulation
ARTICLE 4.9. DISCLOSURE OF SECURITY BREACH
CHAPTER 2. Definitions
24-4.9-2-2. "Breach of the security of data"
Sec. 2. (a) "Breach of the security of data" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a person. The term includes the unauthorized acquisition of computerized data that have been transferred to another medium, including paper, microfilm, or a similar medium, even if the transferred data are no longer in a computerized format.
(b) The term does not include the following:
(1) Good faith acquisition of personal information by an employee or agent of the person for lawful purposes of the person, if the personal information is not used or subject to further unauthorized disclosure.
(2) Unauthorized acquisition of a portable electronic device on which personal information is stored, if all personal information on the device is protected by encryption and the encryption key:
(A) has not been compromised or disclosed; and
(B) is not in the possession of or known to the person who, without authorization, acquired or has access to the portable electronic device.
As added by P.L.125-2006, SEC.6. Amended by P.L.136-2008, SEC.2; P.L.137-2009, SEC.3.