Information Maintained by the Office of Code Revision Indiana Legislative Services Agency
IC 24-4-14
     Chapter 14. Persons Holding a Customer's Personal Information

IC 24-4-14-1
Applicability
    
Sec. 1. This chapter does not apply to the following:
        (1) The executive, judicial, or legislative department of state government or any political subdivision.
        (2) A unit (as defined in IC 36-1-2-23).
        (3) The office of county auditor.
        (4) The office of county treasurer.
        (5) The office of county recorder.
        (6) The office of county surveyor.
        (7) A county sheriff's department.
        (8) The office of county coroner.
        (9) The office of county assessor.
        (10) A person who engages in the business of waste collection, except to the extent the person holds a customer's personal information directly in connection with the business of waste collection.
        (11) A person who maintains and complies with a disposal program under:
            (A) the federal USA Patriot Act (P.L.107-56);
            (B) Executive Order 13224;
            (C) the federal Driver's Privacy Protection Act (18 U.S.C. 2721 et seq.);
            (D) the federal Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
            (E) the federal Financial Modernization Act of 1999 (15 U.S.C. 6801 et seq.); or
            (F) the federal Health Insurance Portability and Accountability Act (HIPAA) (P.L.104-191);
        if applicable.
As added by P.L.125-2006, SEC.5.

IC 24-4-14-2
"Customer"
    
Sec. 2. As used in this chapter, "customer" means a person who:
        (1) has:
            (A) received; or
            (B) contracted for;
        the direct or indirect provision of goods or services from another person holding the person's personal information; or
        (2) provides the person's personal information to another person in connection with a transaction with a nonprofit corporation or charitable organization.
The term includes a person who pays a commission, a consignment fee, or another fee contingent on the completion of a transaction.
As added by P.L.125-2006, SEC.5.



IC 24-4-14-3
"Dispose of"
    
Sec. 3. As used in this chapter, "dispose of" means to discard or abandon the personal information of a customer in an area accessible to the public. The term includes placing the personal information in a container for trash collection.
As added by P.L.125-2006, SEC.5.

IC 24-4-14-4
"Encrypted"
    
Sec. 4. For purposes of this chapter, personal information is "encrypted" if the personal information:
        (1) has been transformed through the use of an algorithmic process into a form in which there is a low probability of assigning meaning without use of a confidential process or key; or
        (2) is secured by another method that renders the personal information unreadable or unusable.
As added by P.L.125-2006, SEC.5.

IC 24-4-14-5
"Person"
    
Sec. 5. As used in this chapter, "person" means an individual, a partnership, a corporation, a limited liability company, or another organization.
As added by P.L.125-2006, SEC.5.

IC 24-4-14-6
"Personal information"
    
Sec. 6. As used in this chapter, "personal information" has the meaning set forth in IC 24-4.9-2-10. The term includes information stored in a digital format.
As added by P.L.125-2006, SEC.5.

IC 24-4-14-7
"Redacted"
    
Sec. 7. (a) For purposes of this chapter, personal information is "redacted" if the personal information has been altered or truncated so that not more than the last four (4) digits of:
        (1) a driver's license number;
        (2) a state identification number; or
        (3) an account number;
is accessible as part of personal information.
    (b) For purposes of this chapter, personal information is "redacted" if the personal information has been altered or truncated so that not more than five (5) digits of a Social Security number are accessible as part of personal information.
As added by P.L.125-2006, SEC.5.

IC 24-4-14-8


Disposal of personal information; infraction
    
Sec. 8. A person who disposes of the unencrypted, unredacted personal information of a customer without shredding, incinerating, mutilating, erasing, or otherwise rendering the information illegible or unusable commits a Class C infraction. However, the offense is a Class A infraction if:
        (1) the person violates this section by disposing of the unencrypted, unredacted personal information of more than one hundred (100) customers; or
        (2) the person has a prior unrelated judgment for a violation of this section.
As added by P.L.125-2006, SEC.5.