InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Indiana enacts data breach disclosure requirements
On March 18, the Indiana governor signed HB 1351, which provides that in the event of the discovery of a data breach, persons are required to disclose or provide notification “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” The bill provides for specific reasonable delays, including circumstances that are “necessary to restore the integrity of the computer system” or “to discover the scope of the breach,” or in certain instances where the attorney general or a law enforcement agency states that disclosure of the breach will impede a criminal or civil investigation or jeopardize national security. The statute amends an existing provision of Indiana law, IC-24-4.9.3-3, by making clear that notification must be within 45 days. HB 1351 takes effect July 1.
Indiana passes loan broker provisions
On March 18, the Indiana governor signed HB 1092, which amends the provisions regarding loan brokers that include requirements for licensing, as well as contract for the services of a loan broker. Among other things, the bill establishes that a loan processing company notice filing must be made on a form prescribed by the commissioner and include the: (i) loan processing company's business name, address, and state of incorporation or business registration; (ii) names of the owners, officers, members, or partners who control the loan processing company; and (iii) name of each individual who is employed by the loan processing company, including the unique identifier from the Nationwide Multistate Licensing System (NMLS) of each loan processor. Additionally, when a contract for the services of a loan broker is assigned, the loan broker shall provide a copy of the signed contract and a written disclosure of any agreement entered into by the loan broker to procure loans exclusively from one lender to each party to the contract. The bill is effective July 22.
Indiana governor renews public health disaster emergency and extends some executive orders issued
On January 28, the Indiana governor issued Executive Order 21-03, which renews the public health disaster emergency, originally set forth in Executive Order 20-02 (previously discussed here), for an additional 30-day period beyond January 30, 2021. As a result, all executive orders issued since March 6, 2020, that provide that they are supplements to Executive Order 20-02 are also renewed for the same 30-day period, except to the extent that they have been rescinded, superseded, or specify that they end or expire at another specific date.
Indiana governor renews public health disaster emergency and extends some executive orders issued since March 6, 2020
On July 30, the Indiana governor issued Executive Order 20-38, which renews the public health disaster emergency, originally set forth in Executive Order 20-02, for an additional 30-day period until September 2, 2020. As a result, all executive orders issued since March 6, 2020, that provide that they are supplements to Executive Order 20-02 are also renewed for the same 30-day period, except to the extent that they have been rescinded, superseded, or specify that they end or expire at another specific date.
Indiana provides broker-dealers with relief from branch examination regulation
On July 13, the Indiana Secretary of State, Securities Division, issued a compliance alert providing temporary relief from annual branch examination requirements. In light of the restrictions on travel caused by the pandemic, broker-dealers are not required to conduct an annual compliance examination in each branch office located in Indiana. However, a firm with the ability to conduct a remote branch examination during 2020 is encouraged to do so. Registrants are also reminded of their obligation to properly supervise agents and employees.
Indiana extends expiration date of licenses, certificates and permits
On June 3, the Indiana governor issued Executive Order 20-31, which extends regulatory relief related to Covid-19. Among other things, state agency-issued licenses, certifications or permits that have expired, or are set to expire, during the public health emergency were extended to June 30, 2020. This extension applies to, among other things, occupational and professional licenses.
Indiana updates notary public requirements
Indiana Secretary of State Connie Lawson issued an announcement highlighting new laws and regulations regarding continuing education for notaries public, remote notary authorization, and criminal history record checks for notaries public. As of March 31, active notaries public can receive authorization to conduct remote notarizations if they submit an application, complete an educational course, pay a $100 fee, and contract with an approved technology vendor. The new laws relating to continuing education and criminal history record checks take effect on July 1.
Multi-jurisdiction settlement reached with credit reporting agency over 2017 data breach
On April 17, the Massachusetts attorney general announced a settlement with a credit reporting agency (CRA) to resolve a state investigation into a 2017 data breach that reportedly compromised the personal information of nearly three million Massachusetts residents. According to the AG’s 2017 complaint (covered by InfoBytes here), the CRA ignored cybersecurity vulnerabilities for months before the breach occurred and failed to take measures to implement and maintain reasonable safeguards. Under the terms of the proposed settlement, pending final court approval, the CRA will pay Massachusetts $18.2 million and is required to take significant measures to strengthen its security practices to ensure compliance with Massachusetts law. These measures include (i) implementing a comprehensive information security program; (ii) minimizing the collection of sensitive personal information; (iii) managing and implementing specific technical safeguards and controls; (iv) providing consumer-related relief, such as credit monitoring services and security freezes; and (iv) allowing third-party assessments of its data safeguards.
Earlier, on April 14, the Indiana attorney general also announced that the CRA will pay the state $19.5 million to resolve allegations that it failed to protect Indiana residents whose personal information was exposed in the 2017 data breach. Under the terms of the final judgment and consent decree, in addition to paying $19.5 million in restitution, the CRA must take measures similar to those outlined in the Massachusetts settlement.
Massachusetts and Indiana were the only two states that chose not to participate in the 2017 multi-agency settlement that resolved federal and state investigations into the data breach and required the company to pay up to $700 million (covered by InfoBytes here).
Separately, on April 7, the City of Chicago announced a $1.5 million settlement to resolve allegations that the CRA’s failure to employ adequate data-security measures led to the breach.
Indiana Supreme Court issues order protecting stimulus payments from attachment or garnishment from creditors
On April 20, the Indiana Supreme Court issued an order in response to a petition for emergency rulemaking to protect stimulus payments under the CARES Act from attempts by private creditors to attach or garnish those payments during the Covid-19 emergency. Pursuant to the order, courts are prohibited from issuing new orders placing a hold on, attaching, or garnishing funds in a judgment-debtor’s account in a depository institution if those funds are attributable to a stimulus payment, with certain exceptions. With respect to previously issued court orders placing a hold on a judgment-debtor’s account in a depository institution, the judgement-debtor is entitled to a hearing, upon request, to determine what funds in the account are attributable to a stimulus payment and for the judgement-debtor to assert any exemption(s) under state or federal law. These measures are effective until the expiration of the Covid-19 public health emergency or until the Indiana Supreme Court suspends the order.
Indiana regulator suspends notice requirements for branch closures, provides other relief
The Indiana Department of Financial Institutions, Depository Division announced that it has suspended nearly all examination activity. The division also suspended prior notice requirements for temporary branch or office closures, extended the deadline for submission of audits required for banks and corporate fiduciaries, and granted permission for institutions to make temporary changes to their bylaw requirements for annual meetings.