Magazine article Information Management

Indiana Passes Data Breach Law

Magazine article Information Management

Indiana Passes Data Breach Law

Article excerpt

Under a law that went into effect July 1, Indiana businesses must notify customers of computer-security breaches that could put them at risk for identify theft.

"It doesn't matter if it was one (customer) or 500,000 or a million, you have to disclose that to your customer," Staci Schneider, spokeswoman for the attorney general's office, told the Associated Press (AP).

According to the AP, Indiana's new law was sparked by the well-publicized ChoicePoint Inc. case. The data firm's massive database of consumer information was accessed by thieves in 2004. The company waited more than four months after discovering the breach to disclose it to the public in February 2005. ChoicePoint contends that authorities asked it to keep the information secret initially.

The Indiana law says a business or database owner must notify affected Indiana residents of security breaches "without unreasonable delay." If more than 1,000 people are affected, the company also must notify the three credit bureaus so they can flag the affected consumers' reports. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.