Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Dec. 23 — Indiana Attorney General Greg Zoeller (R) Dec. 22 announced proposed legislation to require online enterprises to improve security and privacy protection and provide clearer privacy policies for consumers, as well as to expand the state's breach notification law.
Citing recent corporate data breaches—such as those at Staples Inc.—Zoeller said in a statement that Indiana's “existing laws are proving inadequate.”
State Sen. Jim Merritt (R), who joined Zoeller at a press conference announcing the legislative initiative, is slated in January—when the Legislature reconvenes— to sponsor a bill on the issues. “Identity theft and data breaches are serious crimes and can have life-altering consequences for victims,” Merritt said in the statement.
The proposed legislation would require online companies that collect and store personal or financial data to:
• not retain information beyond what is necessary for business purposes and delete it after it is no longerneeded;
• secure stored data;
• “share or sell data only when authorized by law or when consumers are informed in advance;” and
• provide “conspicuous notice” of when data is collected and for how long data will be stored.
In addition, website operators and online companies that collect financial or personal information from state residents would be required under the proposed legislation to “conspicuously post” privacy policies that “identify what personal information the operator collects from site visitors and whether the operator shares or sells any of that information, and with whom.”
A covered online company that profits from selling user information and has failed to disclose to consumers that it is collecting and selling their data would be considered to have made “a knowing misrepresentation,” the statement said.
Zoeller also aims to include provisions in the proposed legislation to strengthen the state's data breach notification law.
Indiana enacted a breach notice law in 2005 that covered only state agency data breaches. In 2006, the notice requirement was expanded to cover all businesses.
The legislative proposal would amend the state Disclosure of Security Breach Act to expand its reach to cover not only breaches of electronic data but breaches of protected personal information in other media, such as paper documents.
The proposal would also require covered entities to provide “more informative notification to affected consumers so they can take action to protect themselves in case of a data breach,” the statement said.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)