Indiana has made a minor amendment to its data breach notification law. Starting July 1, companies who are obligated to notify under the law must do so (to affected individuals and the Indiana Attorney General) without unreasonable delay, but no later than 45 days after discovery of the breach. This changes the current time frame, which is "without unreasonable delay." Indiana joins many other states that impose a specific timing requirement, in particular no later than 45 days after determining there has been a breach. For example, Alabama, Maryland, Ohio, and Wisconsin (among several others) all require notice to individuals no later than 45 days from discovery.
Putting it into practice: Beginning July 1, 2022, companies who suffer a breach impacting Indiana residents will want to keep in mind this notification timing change.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.