Government agencies. Indiana law requires that notice be provided to consumers when there has been a breach in the security, confidentiality, or integrity of computerized personal information maintained by a state agency or owned or licensed by a state agency. Notice must be sent without reasonable delay. Personal information includes an individual's first and last name or first initial and last name in combination with a Social Security number (SSN); driver's license or identification card number; or account number, credit card number, debit card number, security code, access code, or password of an individual's financial account (IN Code Sec. 4-1-11-1 et seq.).
Private employers. The state's security breach law applies to database owners, defined as individuals or businesses that own or license computerized data that includes personal information. Under the law, a database owner must disclose a breach in its security system to an Indiana resident whose:
• Unencrypted personal information was or may have been acquired by an unauthorized person; or
• Encrypted personal information ...