Authors: Senator James Merritt, Senator Jon Ford
Co-authors: Senator Mark Stoops, Senator Lonnie Randolph
Sponsors: Representative Todd Huston
Co-Sponsors: Representative Christina Hale, Representative Milo Smith
Makes the following changes to the statute concerning the breach of the security of data that includes the sensitive personal information of Indiana residents and that is collected and maintained by a person other than a state agency or the judicial or legislative department of state government: (1) Specifies that the statute is not limited to breaches of computerized data. (2) Repeals the definition of a term ("doing business in Indiana") that is not used in the statute. (3) Replaces the term "data base owner" with "data owner". (4) Defines the term "data collector" as a person that: (A) is not a data owner; and (B) collects, maintains, disseminates, or handles data that includes sensitive personal information. (5) Defines the term "data user" as a data owner or a data collector. (6) Replaces the term "personal information" with "sensitive personal information" and makes conforming amendments. (7) Requires a data user to post certain information concerning the data user's privacy practices on the data user's Internet web site. (8) Increases the amount of the civil penalty that a court may impose in an action by the attorney general to enforce the provisions concerning the safeguarding of data if the court finds that a violation: (A) was done knowingly; or (B) contributed to a breach of the security of data that includes the sensitive personal information of Indiana residents. (9) Sets forth certain information that a data owner must include in a disclosure of a security breach. (10) Specifies the applicability of different enforcement procedures available to the attorney general under the statute.