Indiana Breach Notification Law Amended, Changes Effective July 1, 2022

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
Indiana has made a minor amendment to its data breach notification law. Starting July 1, companies who are obligated to notify under the law must do so...
United States Alabama Indiana Maryland Ohio Wisconsin Privacy

Indiana has made a minor  amendment to its data breach notification law. Starting July 1, companies who are obligated to notify under the law must do so (to affected individuals and the Indiana Attorney General) without unreasonable delay, but no later than 45 days after discovery of the breach. This changes the current time frame, which is "without unreasonable delay." Indiana joins many other states that impose a specific timing requirement, in particular no later than 45 days after determining there has been a breach. For example, Alabama, Maryland, Ohio, and Wisconsin (among several others) all require notice to individuals no later than 45 days from discovery.

Putting it into practice: Beginning July 1, 2022, companies who suffer a breach impacting Indiana residents will want to keep in mind this notification timing change.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More