2017 Indiana Code
TITLE 24. Trade Regulation
CHAPTER 3. Disclosure and Notification Requirements
24-4.9-3-1. Disclosure of breach

Universal Citation: IN Code § 24-4.9-3-1 (2017)
IC 24-4.9-3-1 Disclosure of breach

     Sec. 1. (a) Except as provided in section 4(c), 4(d), and 4(e) of this chapter, after discovering or being notified of a breach of the security of data, the data base owner shall disclose the breach to an Indiana resident whose:

(1) unencrypted personal information was or may have been acquired by an unauthorized person; or

(2) encrypted personal information was or may have been acquired by an unauthorized person with access to the encryption key;

if the data base owner knows, should know, or should have known that the unauthorized acquisition constituting the breach has resulted in or could result in identity deception (as defined in IC 35-43-5-3.5), identity theft, or fraud affecting the Indiana resident.

     (b) A data base owner required to make a disclosure under subsection (a) to more than one thousand (1,000) consumers shall also disclose to each consumer reporting agency (as defined in 15 U.S.C. 1681a(p)) information necessary to assist the consumer reporting agency in preventing fraud, including personal information of an Indiana resident affected by the breach of the security of a system.

     (c) If a data base owner makes a disclosure described in subsection (a), the data base owner shall also disclose the breach to the attorney general.

As added by P.L.125-2006, SEC.6. Amended by P.L.137-2009, SEC.4.


Disclaimer: These codes may not be the most recent version. Indiana may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.