February 13, 2008
HOUSE BILL No. 1197
DIGEST OF HB 1197
(Updated February 12, 2008 11:29 am - DI 106)
Citations Affected: IC 4-6; IC 24-4.9.
Synopsis: Data breaches. Authorizes the attorney general to initiate a
program to educate consumers of risks posed by a security breach.
Provides, for purposes of the law requiring the disclosure of a breach
of the security of a system, that the unauthorized acquisition of a
portable electronic device on which personal information is stored does
not constitute a breach of the security of a system if the contents of the
portable electronic device are encrypted and if the encryption key is not
Effective: July 1, 2008.
(SENATE SPONSORS _ HERSHMAN, BRODEN)
January 10, 2008, read first time and referred to Committee on Technology, Research and
January 16, 2008, amended, reported _ Do Pass.
January 24, 2008, read second time, amended, ordered engrossed.
January 25, 2008, engrossed.
January 28, 2008, read third time, passed. Yeas 94, nays 0.
January 29, 2008, read first time and referred to Committee on Corrections, Criminal, and
February 12, 2008, amended, reported favorably _ Do Pass.
February 13, 2008
Second Regular Session 115th General Assembly (2008)
PRINTING CODE. Amendments: Whenever an existing statute (or a section of the Indiana
Constitution) is being amended, the text of the existing provision will appear in this style type,
additions will appear in this style type
, and deletions will appear in
this style type.
Additions: Whenever a new statutory provision is being enacted (or a new constitutional
provision adopted), the text of the new provision will appear in this style type
. Also, the
will appear in that style type in the introductory clause of each SECTION that adds
a new provision to the Indiana Code or the Indiana Constitution.
Conflict reconciliation: Text in a statute in this style type
this style type
between statutes enacted by the 2007 Regular Session of the General Assembly.
HOUSE BILL No. 1197
A BILL FOR AN ACT to amend the Indiana Code concerning trade
Be it enacted by the General Assembly of the State of Indiana:
SOURCE: IC 4-6-9-7.5; (08)EH1197.1.1. -->
SECTION 1. IC 4-6-9-7.5 IS ADDED TO THE INDIANA CODE
AS A NEW SECTION TO READ AS FOLLOWS [EFFECTIVE JULY
1, 2008]: Sec. 7.5. The division may initiate and maintain an
educational program to inform consumers of:
(1) risks involved in a breach of the security of a system; and
(2) steps that the victim of a security breach should take to
prevent and mitigate the damage from the security breach.
SOURCE: IC 24-4.9-2-2; (08)EH1197.1.2. -->
SOURCE: IC 24-4.9-2-2. -->
SECTION 2. IC 24-4.9-2-2, AS ADDED BY P.L.125-2006,
SECTION 6, IS AMENDED TO READ AS FOLLOWS [EFFECTIVE
JULY 1, 2008]: Sec. 2. (a) "Breach of the security of a system" means
unauthorized acquisition of computerized data that compromises the
security, confidentiality, or integrity of personal information
maintained by a person. The term includes the unauthorized acquisition
of computerized data that have been transferred to another medium,
including paper, microfilm, or a similar medium, even if the transferred
data are no longer in a computerized format.
(b) The term does not include the following:
(1) Good faith acquisition of personal information by an employee
or agent of the person for lawful purposes of the person, if the
personal information is not used or subject to further unauthorized
(2) Unauthorized acquisition of a portable electronic device on
which personal information is stored, if
access to the device all
personal information on the device
is protected by
that encryption and the encryption key:
has not been compromised or
(B) is not in the possession of or known to the person who,
without authorization, acquired or has access to the
portable electronic device.