February 13, 2008





ENGROSSED

HOUSE BILL No. 1197

_____


DIGEST OF HB 1197 (Updated February 12, 2008 11:29 am - DI 106)



Citations Affected: IC 4-6; IC 24-4.9.

Synopsis: Data breaches. Authorizes the attorney general to initiate a program to educate consumers of risks posed by a security breach. Provides, for purposes of the law requiring the disclosure of a breach of the security of a system, that the unauthorized acquisition of a portable electronic device on which personal information is stored does not constitute a breach of the security of a system if the contents of the portable electronic device are encrypted and if the encryption key is not compromised.

Effective: July 1, 2008.





Pierce , Dermody , Walorski , Koch
(SENATE SPONSORS _ HERSHMAN, BRODEN)




    January 10, 2008, read first time and referred to Committee on Technology, Research and Development.
    January 16, 2008, amended, reported _ Do Pass.
    January 24, 2008, read second time, amended, ordered engrossed.
    January 25, 2008, engrossed.
    January 28, 2008, read third time, passed. Yeas 94, nays 0.

SENATE ACTION

    January 29, 2008, read first time and referred to Committee on Corrections, Criminal, and Civil Matters.
    February 12, 2008, amended, reported favorably _ Do Pass.






February 13, 2008

Second Regular Session 115th General Assembly (2008)


PRINTING CODE. Amendments: Whenever an existing statute (or a section of the Indiana Constitution) is being amended, the text of the existing provision will appear in this style type, additions will appear in this style type, and deletions will appear in this style type.
Additions: Whenever a new statutory provision is being enacted (or a new constitutional provision adopted), the text of the new provision will appear in this style type. Also, the word NEW will appear in that style type in the introductory clause of each SECTION that adds a new provision to the Indiana Code or the Indiana Constitution.
Conflict reconciliation: Text in a statute in this style type or this style type reconciles conflicts between statutes enacted by the 2007 Regular Session of the General Assembly.


ENGROSSED

HOUSE BILL No. 1197



    A BILL FOR AN ACT to amend the Indiana Code concerning trade regulation.

Be it enacted by the General Assembly of the State of Indiana:

SOURCE: IC 4-6-9-7.5; (08)EH1197.1.1. -->     SECTION 1. IC 4-6-9-7.5 IS ADDED TO THE INDIANA CODE AS A NEW SECTION TO READ AS FOLLOWS [EFFECTIVE JULY 1, 2008]: Sec. 7.5. The division may initiate and maintain an educational program to inform consumers of:
        (1) risks involved in a breach of the security of a system; and
        (2) steps that the victim of a security breach should take to prevent and mitigate the damage from the security breach.
SOURCE: IC 24-4.9-2-2; (08)EH1197.1.2. -->
SOURCE: IC 24-4.9-2-2. -->     SECTION 2. IC 24-4.9-2-2, AS ADDED BY P.L.125-2006, SECTION 6, IS AMENDED TO READ AS FOLLOWS [EFFECTIVE JULY 1, 2008]: Sec. 2. (a) "Breach of the security of a system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a person. The term includes the unauthorized acquisition of computerized data that have been transferred to another medium, including paper, microfilm, or a similar medium, even if the transferred data are no longer in a computerized format.
    (b) The term does not include the following:
        (1) Good faith acquisition of personal information by an employee or agent of the person for lawful purposes of the person, if the personal information is not used or subject to further unauthorized disclosure.
        (2) Unauthorized acquisition of a portable electronic device on which personal information is stored, if access to the device all personal information on the device is protected by a password that encryption and the encryption key:
            (A)
has not been compromised or disclosed; and
            (B) is not in the possession of or known to the person who, without authorization, acquired or has access to the portable electronic device.