Sec. 32. (a) A licensee that satisfies the requirements of this chapter is entitled to an affirmative defense to any cause of action sounding in tort that:
(1) is brought under the laws or in the courts of this state; and
(2) alleges that the failure to implement reasonable information security controls resulted in a data breach concerning nonpublic information.
(b) The affirmative defense available under this section does not limit any other affirmative defenses available to a licensee.
As added by P.L.130-2020, SEC.10.
Structure Indiana Code
Article 2. Powers and Duties of Insurers
Chapter 27. Insurance Data Security
27-2-27-1. Applicability of Chapter
27-2-27-2. "Authorized Individual"
27-2-27-5. "Cybersecurity Event"
27-2-27-8. "Information Security Program"
27-2-27-9. "Information System"
27-2-27-11. "Multi-Factor Authentication"
27-2-27-12. "Nonpublic Information"
27-2-27-13. "Publicly Available Information"
27-2-27-15. "Third Party Service Provider"
27-2-27-16. Information Security Program; Requirements
27-2-27-17. Risk Assessment; Requirements
27-2-27-18. Actions Required Based on Risk Assessment Results
27-2-27-19. Board of Directors; Executive Management
27-2-27-20. Incident Response Plan
27-2-27-21. Investigation of Cybersecurity Event
27-2-27-22. Notice to Ceding Insurers and Commissioner of Cybersecurity Event
27-2-27-23. Notice to Producers of Cybersecurity Event
27-2-27-24. Powers of Commissioner
27-2-27-26. Exemptions From Chapter
27-2-27-27. Suspension; Revocation
27-2-27-29. Private Right of Action