Second Regular Session 115th General Assembly (2008)


PRINTING CODE. Amendments: Whenever an existing statute (or a section of the Indiana Constitution) is being amended, the text of the existing provision will appear in this style type, additions will appear in this style type, and deletions will appear in this style type.
Additions: Whenever a new statutory provision is being enacted (or a new constitutional provision adopted), the text of the new provision will appear in this style type. Also, the word NEW will appear in that style type in the introductory clause of each SECTION that adds a new provision to the Indiana Code or the Indiana Constitution.
Conflict reconciliation: Text in a statute in this style type or this style type reconciles conflicts between statutes enacted by the 2007 Regular Session of the General Assembly.


    HOUSE ENROLLED ACT No. 1197


     AN ACT to amend the Indiana Code concerning trade regulation.

Be it enacted by the General Assembly of the State of Indiana:

SOURCE: IC 4-6-9-7.5; (08)HE1197.1.1. -->
    SECTION 1. IC 4-6-9-7.5 IS ADDED TO THE INDIANA CODE AS A NEW SECTION TO READ AS FOLLOWS [EFFECTIVE JULY 1, 2008]: Sec. 7.5. The division may initiate and maintain an educational program to inform consumers of:
        (1) risks involved in a breach of the security of a system; and
        (2) steps that the victim of a security breach should take to prevent and mitigate the damage from the security breach.
SOURCE: IC 24-4.9-2-2; (08)HE1197.1.2. -->
SOURCE: IC 24-4.9-2-2. -->     SECTION 2. IC 24-4.9-2-2, AS ADDED BY P.L.125-2006, SECTION 6, IS AMENDED TO READ AS FOLLOWS [EFFECTIVE JULY 1, 2008]: Sec. 2. (a) "Breach of the security of a system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a person. The term includes the unauthorized acquisition of computerized data that have been transferred to another medium, including paper, microfilm, or a similar medium, even if the transferred data are no longer in a computerized format.
    (b) The term does not include the following:
        (1) Good faith acquisition of personal information by an employee or agent of the person for lawful purposes of the person, if the personal information is not used or subject to further unauthorized disclosure.
        (2) Unauthorized acquisition of a portable electronic device on

which personal information is stored, if access to the device all personal information on the device is protected by a password that encryption and the encryption key:
            (A) has not been compromised or disclosed; and
            (B) is not in the possession of or known to the person who, without authorization, acquired or has access to the portable electronic device.

HEA 1197 _ Concur
Figure

Graphic file number 0 named seal1001.pcx with height 58 p and width 72 p Left aligned