Loading chat...
IN HB1357
Bill
Status
1/12/2016
Primary Sponsor
William Fine
Click for details
AI Summary
HB 1357 Summary
-
Expands data breach notification law to cover all data formats (computerized, paper, microfilm, and other mediums), not just computerized data.
-
Replaces terminology throughout the statute: changes "data base owner" to "data owner" and "personal information" to "sensitive personal information"; repeals the unused "doing business in Indiana" definition.
-
Creates new definitions for "data collector" (entities that collect/maintain sensitive personal information but don't own it) and "data user" (both data owners and data collectors).
-
Requires data users to post privacy practices on their public-facing Internet websites and increases civil penalties up to $5,000 per violation, or $50 per affected resident if violation contributes to a breach (capped at $150,000 total per deceptive act).
-
Specifies required disclosure information in breach notifications including breach description, affected information types, protective actions taken, and toll-free numbers for consumer reporting agencies and the Federal Trade Commission.
-
Effective July 1, 2016.
Legislative Description
Data breaches. Makes the following changes to the statute concerning the breach of the security of data that includes the sensitive personal information of Indiana residents and that is collected and maintained by a person other than a state agency or the judicial or legislative department of state government: (1) Specifies that the statute is not limited to breaches of computerized data. (2) Repeals the definition of a term ("doing business in Indiana") that is not used in the statute. (3) Replaces the term "data base owner" with "data owner". (4) Defines the term "data collector" as a person that:
Last Action
Representative DeLaney added as coauthor
1/21/2016