Can you summarize IC 24-4.9-3-1?

Short Summary

This legal document, governed by the Indiana Code, specifically the Trade Regulation section on Disclosure of Security Breach, outlines the disclosure and notification requirements for data base owners in the event of a breach of data security. According to the document, after discovering or being notified of a breach, the data base owner must disclose the breach to an Indiana resident if their unencrypted personal information or encrypted personal information with access to the encryption key was or may have been acquired by an unauthorized person. The disclosure is required if the data base owner knows, should know, or should have known that the breach could result in identity deception, identity theft, or fraud affecting the Indiana resident. Additionally, if the data base owner is required to disclose to more than one thousand consumers, they must also disclose the necessary information to consumer reporting agencies to assist in preventing fraud. The breach must also be disclosed to the attorney general. The document does not specify any penalties for non-compliance or violations.

Whom does it apply to?

Data base owners

What does it govern?

Disclosure of breach

What are exemptions?

Sections 4(c), 4(d), and 4(e) of this chapter

What are the Penalties?

Not specified

Jurisdiction

Indiana

Source

IC 24-4.9-3-1 [https://reggi.cloud.regology.com/regulations/US-INCO/US-INCO_T_24_ST_4.9_C_3_S_1]

• Banking