Data security breach notification: Arizona and Indiana

Arizona and Indiana have both enacted legislation imposing new notice requirements in the event of a data security breach. Effective July 23, 2022, Arizona passed HB 2146 which provides that businesses in the state which own, maintain, or license unencrypted and unredacted computerized personal information must additionally notify the Director of the Arizona Department of Homeland Security in the event of a data security breach which requires notification of more than 1000 individuals. Effective July 1, 2022, Indiana passed HB 1351 which provides a timeline for disclosure of a data security breach. The new law states that any person required to make a disclosure or notification under Indiana’s data security breach statute must do so without “unreasonably delay”, but not more than 45 days after the discovery of the breach. Arizona already has an existing 45-day notice requirement.

By Megan Butz
General Counsel, HR Compliance, Checkwriters
Megan joined Checkwriters in 2020 and is responsible for reviewing, revising, and implementing internal policies of the company, advising on human resource, employment, and labor matters, and monitoring and publishing state and federal legal updates to the Checkwriters News and Compliance Center for distribution to thousands of clients around the country. Before joining Checkwriters, Megan served as a judicial law clerk for the justices of the Massachusetts Probate and Family Court performing legal research and writing, followed by private practice in Cape Cod.

Go back