Indiana Data Privacy Laws

Data Breach provisions applicable to state agencies:

  • I.C. § 4-1-11-1. Applicability, click here.
  • I.C. § 4-1-11-2. Breach of the security of the system defined, click here.
  • I.C. § 4-1-11-3. Definition of “personal information,” click here.
  • I.C. § 4-1-11-4. Definition of “state agency,” click here. For the referenced definition of “state agency” in I.C. 4-1-10-2, click here.
  • I.C. § 4-1-11-5. State agency that owns or licenses computerized data; notice of breach, click here.
  • I.C. § 4-1-11-6. State agency that maintains computerized data; notice of breach, click here.
  • I.C. § 4-1-11-7. Notice, click here.
  • I.C. § 4-1-11-8. Manner of notice, click here.
  • I.C. § 4-1-11-9. Alternate forms of notice, click here.
  • I.C. § 4-1-11-10. Notice to consumer reporting agencies, click here.

Data Breach provisions applicable to data base owners and holders:

  • I.C. § 24-4.9-1-1. Limits on application, click here.
  • I.C. § 24-4.9-2-1. Applicability, click here.
  • I.C. § 24-4.9-2-2. “Breach of the security of data,” click here.
  • I.C. § 24-4.9-2-3. “Data base owner,” click here.
  • I.C. § 24-4.9-2-4. “Doing business in Indiana,” click here.
  • I.C. § 24-4.9-2-5. Encrypted data, click here.
  • I.C. § 24-4.9-2-6, “Financial institution,” click here.  For the referenced definition of “Financial institution” in I.C. 28-1-1-3 and 15 U.S.C. § 6809, click here and here.
  • I.C. § 24-4.9-2-7. “Indiana resident,” click here.
  • I.C. § 24-4.9-2-8. “Mail,” click here.  For the referenced definition of “mail” in I.C. 23-1-20-15, click here.
  • I.C. § 24-4.9-2-9. “Person,” click here.
  • I.C. § 24-4.9-2-10. “Personal information,” click here.
  • I.C. § 24-4.9-2-11. Redacted data, click here.
  • I.C. § 24-4.9-3-1. Duty of data base owner to disclose breach, click here.
  • I.C. § 24-4.9-3-2. Duty of person that maintains computerized data to notify data base owner, click here.
  • I.C. § 24-4.9-3-3. Notification without unreasonable delay, click here.
  • I.C. § 24-4.9-3-3.5. Exceptions to the application of this statute; reasonable procedures to protect personal information, click here.
  • I.C. § 24-4.9-3-4. Disclosure methods, click here.
  • I.C. § 24-4.9-4-1. Deceptive acts, click here.
  • I.C. § 24-4.9-4-2. Actions brought by attorney general, click here.
  • I.C. § 24-4.9-5-1. This statute preempts authority of a unit (county, municipality or township,) click here.

This page was last updated on 10/10/2018.