Skip to main content
House Bill 1101

House Bill 1101

ARCHIVE (2006)

Latest Information

DIGEST OF HB1101 (Updated March 8, 2006 6:25 pm - DI 84)

Security breach disclosure and identity deception. Provides that a person that owns or licenses certain unredacted or unencrypted personal information concerning Indiana residents that is contained in a computerized data base must disclose to those Indiana residents without unreasonable delay a security breach in the computerized data base (including the unauthorized acquisition of computerized data that have been transferred to another medium) if the security breach could cause the Indiana residents to become victims of identity theft, identity deception, or fraud. Requires a database owner who is required to make a disclosure concerning a security breach to more than 1,000 persons to notify each credit reporting bureau of the security breach. Specifies that a person that maintains a computer data base but does not own or license the personal information contained in the data base must notify the data base owner if there is a security breach in the data base. Provides that a data base owner with a privacy plan drafted to comply with certain federal statutes may comply with that plan instead of these provisions if that plan meets the federal requirements, and permits a data base owner with its own privacy plan to comply with its own plan instead of these provisions if its plan is at least as stringent as these provisions or a plan that complies with certain federal statutes. Authorizes the attorney general to bring an action to enforce the disclosure requirements. Makes certain information that relates to a license application submitted to the Indiana gaming commission confidential. Provides that a person who disposes of a customer's unencrypted, unredacted personal information without first shredding, incinerating, mutilating, or erasing the personal information commits a Class C infraction. Enhances the offense to a Class A infraction for a second or subsequent offense, or if the person has unlawfully disposed of the personal information of more than 100 customers. Includes as personal information certain information collected as part of a license or permit application. Provides that a person who unlawfully obtains the identifying information of a deceased person commits identity deception. Makes identity deception a Class C felony if a person unlawfully obtains the identities of more than 100 persons or the fair market value of the fraud or harm caused by the identity theft is at least $50,000. Makes possession of a card skimming device with the intent to commit identity deception or fraud a Class D felony and a Class C felony if the device is possessed with the intent to commit terroristic deception. Permits a court to enter a restitution order requiring a person convicted of identity deception to reimburse the victim for additional expenses that arise or are discovered after sentencing or after the entry of a restitution order. Grants a court a five year period in which to order a person convicted of identity deception to pay additional restitution. Provides that a person who commits the offense of identity deception may be tried in any county in which any element of the offense occurs. Provides that jurisdiction for cases of identity deception lies in Indiana if the victim resides in Indiana. Imposes certain fiduciary obligations on members of the governing board of a county hospital, and specifies that if a hospital governing board has two physician members, only one physician member is required to be an active member of the medical staff of the hospital.
Current Status:
Law Enacted
Latest Printing (PDF)