Sec. 83. (a) Except to the extent prohibited by law other than this chapter, the attorney general or the attorney general's agent shall notify a holder as soon as practicable of:
(1) a suspected loss, misuse or unauthorized access, disclosure, modification, or destruction of confidential information obtained from the holder in the possession of the attorney general or the attorney general's agent; and
(2) any interference with operations in any system hosting or housing confidential information which:
(A) compromises the security, confidentiality, or integrity of the information; or
(B) creates a substantial risk of identity fraud or theft.
(b) The attorney general and the attorney general's agent must comply with the requirements of IC 4-1-10 and IC 4-1-11 if an event described in subsection (a) leads to the disclosure of confidential information.
(c) If an event described in subsection (a) occurs, the attorney general and the attorney general's agent shall:
(1) take action necessary for the holder to understand and minimize the effect of the event and determine its scope; and
(2) cooperate with the holder with respect to:
(A) any notification required by law concerning a data or other security breach; and
(B) a regulatory inquiry, litigation, or similar action.
As added by P.L.141-2021, SEC.20.