BreachExchange mailing list archives
Indiana Amends Breach Notification Law to Require Notification Within 45 Days
From: Terrell Byrd <terrell.byrd () riskbasedsecurity com>
Date: Fri, 25 Mar 2022 10:01:43 -0400
https://www.natlawreview.com/article/indiana-amends-breach-notification-law-to-require-notification-within-45-days Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the computer system; (2) necessary to discover the scope of the breach; or (3) in response to a request from the attorney general or a law enforcement agency to delay disclosure because disclosure will: (A) impede a criminal or civil investigation; or (B) jeopardize national security.” IN LEGIS 171-2022 (2022), 2022 Ind. Legis. Serv. P.L. 171-2022 (H.E.A. 1351) (WEST) The law goes into effect on July 2, 2022. On a side note, the Indiana Attorney General’s office is well known when it comes to consumer protection and frequently issues data requests after receiving notice that an Indiana resident’s personal information may have been compromised. Therefore, it is worthwhile to be aware of this new time frame when sending notification to individuals and the Indiana AG.
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Indiana Amends Breach Notification Law to Require Notification Within 45 Days Terrell Byrd (Mar 25)