Shostack + Friends Blog Archive


Indiana's Breach Law

Indiana’s breach notification law went into effect on July 1, 2006. An excerpt relevant the “lost laptop” phenomenon:

Sec. 2. (a) As used in this chapter, "breach of the security of the system"
means unauthorized acquisition of computerized data that compromises the security,
confidentiality, or integrity of personal information maintained by a state or
local agency.
(b) The term does not include the following:
(1) Good faith acquisition of personal information by an agency or
employee of the agency for purposes of the agency, if the personal information
is not used or subject to further unauthorized disclosure.
(2) Unauthorized acquisition of a portable electronic device on
which personal information is stored if access to the device is protected
by a password that has not been disclosed.

One comment on "Indiana's Breach Law"

  • Lyger says:

    If I read this right, according to point (2) an undisclosed Windows password is considered sufficient protection?
    If so, Knoppix and F.I.R.E say hello.

Comments are closed.