Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Indiana
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Within 45 days

FINES & PENALTIES – Violations
Up to $150,000 per deceptive act

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Indiana Privacy Law Information

PRIVACY PROGRAM

Organizations must implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect and safeguard personal information. Organizations must have measures in place for the secure disposal of personal information. The security breach laws cover computerized data and paper documents that were once maintained as computerized data.

BREACH REPORTING

Breach reporting must be made within 45 days after discovery to the Attorney General. If notification is required for more than 1,000 consumers, the breached Organization must also notify each consumer reporting agency.

CONSUMER NOTIFICATION

If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES

Vendors must notify Organizations without delay after the discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notification.

INDUSTRY SPECIFIC LAWS

Indiana passed the Insurance Data Security Law, which includes requirements for Insurance licensees to protect personal information and investigate and respond to breaches of security. Effective March 18, 2020, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days.

FINES & PENALTIES

Organizations may be fined or penalized for Vendor violations. For violations of consumer notification and breach reporting, penalties could include the Attorney General seeking injunctive relief, a civil penalty up to $150,000 per deceptive act, and award of the Attorney General’s reasonable costs for investigating and maintaining the action. Improperly disposing of personal information is considered a deceptive act, and penalties for violations can be imposed up to $5,000 per deceptive act.

Indiana Statutes and Laws

IND. CODE § 24-4.9-3

Disclosure and notification requirements

IND. CODE ARTICLE 24-4-14-1 TO 24-4-14-8

Persons holding a customer’s personal information

IND. CODE § 24-4.9-3-2

Notification of data base owner

IND. CODE § 24-4.9-4-1

Failure to disclose or notify; deceptive act

IND. CODE § 24-4.9-4-2

Action by attorney general

IND. CODE ARTICLE 24-4.9 §§ 24-4.9-1 TO 24-4.9-5-1

Disclosure of security breach

IND. CODE §§ 27-2-27-1 – 27-2-27-32

Insurance Data Security

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.