Indiana Disclosure of Security Breach law

Indiana SB 503 of 2006 requires that after discovering or being notified of a breach of the security of data, database owners shall disclose the breach to an Indiana resident whose: (1) unencrypted personal information was or may have been acquired by an

unauthorized person; or (2) encrypted personal information was or may have been acquired by an unauthorized person with access to the encryption key; if the database owners know, should know, or should have known that the unauthorized acquisition constituting the breach has resulted in or could result in identity deception, identity theft, or fraud affecting the Indiana resident. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• Indiana Disclosure of Security Breach law: Name and SSN
• Indiana Disclosure of Security Breach law: Name and DL
• Indiana Disclosure of Security Breach law: Name and CCN
• Indiana Disclosure of Security Breach law: Name and Password (Wide)
• Indiana Disclosure of Security Breach law: Name and Password (Default)
• Indiana Disclosure of Security Breach law: Name and Password (Narrow)
• Indiana Disclosure of Security Breach law: Password Dissemination for HTTP Traffic (Wide)
• Indiana Disclosure of Security Breach law: Password Dissemination for HTTP Traffic (Default)
• Indiana Disclosure of Security Breach law: Password Dissemination for HTTP Traffic (Narrow)
• Indiana Disclosure of Security Breach law: Account and Password