Sec. 10. A state educational institution (as defined in IC 21-7-13-32) shall:
(1) submit a summary analysis report of cyber security incidents to the office on a quarterly basis in a format prescribed by the chief information officer; and
(2) provide the office with the name and contact information of any individual who will act as the primary reporter of a summary report of cybersecurity incidents described in subdivision (1) before September 1, 2021, and before September 1 of every year thereafter.
Nothing in this section shall be construed to require reporting by the state educational institution that conflicts with federal privacy laws or is prohibited due to an ongoing law enforcement investigation.
As added by P.L.134-2021, SEC.6.