Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Indiana enacts data breach disclosure requirements

Privacy/Cyber Risk & Data Security State Issues State Legislation Indiana Data Breach Disclosures

Privacy, Cyber Risk & Data Security

On March 18, the Indiana governor signed HB 1351, which provides that in the event of the discovery of a data breach, persons are required to disclose or provide notification “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” The bill provides for specific reasonable delays, including circumstances that are “necessary to restore the integrity of the computer system” or “to discover the scope of the breach,” or in certain instances where the attorney general or a law enforcement agency states that disclosure of the breach will impede a criminal or civil investigation or jeopardize national security.  The statute amends an existing provision of Indiana law, IC-24-4.9.3-3, by making clear that notification must be within 45 days. HB 1351 takes effect July 1.