February 13, 2008
ENGROSSED
HOUSE BILL No. 1197
_____
DIGEST OF HB 1197
(Updated February 12, 2008 11:29 am - DI 106)
Citations Affected: IC 4-6; IC 24-4.9.
Synopsis: Data breaches. Authorizes the attorney general to initiate a
program to educate consumers of risks posed by a security breach.
Provides, for purposes of the law requiring the disclosure of a breach
of the security of a system, that the unauthorized acquisition of a
portable electronic device on which personal information is stored does
not constitute a breach of the security of a system if the contents of the
portable electronic device are encrypted and if the encryption key is not
compromised.
Effective: July 1, 2008.
January 10, 2008, read first time and referred to Committee on Technology, Research and
Development.
January 16, 2008, amended, reported _ Do Pass.
January 24, 2008, read second time, amended, ordered engrossed.
January 25, 2008, engrossed.
January 28, 2008, read third time, passed. Yeas 94, nays 0.
SENATE ACTION
January 29, 2008, read first time and referred to Committee on Corrections, Criminal, and
Civil Matters.
February 12, 2008, amended, reported favorably _ Do Pass.
February 13, 2008
Second Regular Session 115th General Assembly (2008)
PRINTING CODE. Amendments: Whenever an existing statute (or a section of the Indiana
Constitution) is being amended, the text of the existing provision will appear in this style type,
additions will appear in
this style type, and deletions will appear in
this style type.
Additions: Whenever a new statutory provision is being enacted (or a new constitutional
provision adopted), the text of the new provision will appear in
this style type. Also, the
word
NEW will appear in that style type in the introductory clause of each SECTION that adds
a new provision to the Indiana Code or the Indiana Constitution.
Conflict reconciliation: Text in a statute in
this style type or
this style type reconciles conflicts
between statutes enacted by the 2007 Regular Session of the General Assembly.
ENGROSSED
HOUSE BILL No. 1197
A BILL FOR AN ACT to amend the Indiana Code concerning trade
regulation.
Be it enacted by the General Assembly of the State of Indiana:
SOURCE: IC 4-6-9-7.5; (08)EH1197.1.1. -->
SECTION 1. IC 4-6-9-7.5 IS ADDED TO THE INDIANA CODE
AS A NEW SECTION TO READ AS FOLLOWS [EFFECTIVE JULY
1, 2008]: Sec. 7.5. The division may initiate and maintain an
educational program to inform consumers of:
(1) risks involved in a breach of the security of a system; and
(2) steps that the victim of a security breach should take to
prevent and mitigate the damage from the security breach.
SOURCE: IC 24-4.9-2-2; (08)EH1197.1.2. -->
SOURCE: IC 24-4.9-2-2. -->
SECTION 2. IC 24-4.9-2-2, AS ADDED BY P.L.125-2006,
SECTION 6, IS AMENDED TO READ AS FOLLOWS [EFFECTIVE
JULY 1, 2008]: Sec. 2. (a) "Breach of the security of a system" means
unauthorized acquisition of computerized data that compromises the
security, confidentiality, or integrity of personal information
maintained by a person. The term includes the unauthorized acquisition
of computerized data that have been transferred to another medium,
including paper, microfilm, or a similar medium, even if the transferred
data are no longer in a computerized format.
(b) The term does not include the following:
(1) Good faith acquisition of personal information by an employee
or agent of the person for lawful purposes of the person, if the
personal information is not used or subject to further unauthorized
disclosure.
(2) Unauthorized acquisition of a portable electronic device on
which personal information is stored, if
access to the device all
personal information on the device is protected by
a password
that encryption and the encryption key:
(A) has not been
compromised or disclosed;
and
(B) is not in the possession of or known to the person who,
without authorization, acquired or has access to the
portable electronic device.