[BreachExchange] Indiana Amends Breach Notification Law to Require Notification Within 45 Days

[Terrell Byrd]

https://www.natlawreview.com/article/indiana-amends-breach-notification-law-to-require-notification-within-45-days

Indiana has amended its breach notification law to require entities to
notify individuals “without unreasonable delay, but not more than
forty-five (45) days after the discovery of the breach.” It clarifies that
a delay is “reasonable” if it is: “(1) necessary to restore the integrity
of the computer system; (2) necessary to discover the scope of the breach;
or (3) in response to a request from the attorney general or a law
enforcement agency to delay disclosure because disclosure will: (A) impede
a criminal or civil investigation; or (B) jeopardize national security.” IN
LEGIS 171-2022 (2022), 2022 Ind. Legis. Serv. P.L. 171-2022 (H.E.A. 1351)
(WEST)

The law goes into effect on July 2, 2022.

On a side note, the Indiana Attorney General’s office is well known when it
comes to consumer protection and frequently issues data requests after
receiving notice that an Indiana resident’s personal information may have
been compromised. Therefore, it is worthwhile to be aware of this new time
frame when sending notification to individuals and the Indiana AG.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220325/a6e0fbdf/attachment.html>