Sec. 5. As used in this chapter, "cybersecurity event" means an event resulting in unauthorized access to or a disruption or misuse of an information system or nonpublic information stored on the information system that has a reasonable likelihood of materially harming a consumer or any material part of the normal operations of the licensee. However, the term does not include the following:
(1) The unauthorized acquisition of encrypted nonpublic information if the encryption, process, or key is not also acquired, released, or used without authorization.
(2) An event in which a licensee has determined that the nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed.
As added by P.L.130-2020, SEC.10.
Structure Indiana Code
Article 2. Powers and Duties of Insurers
Chapter 27. Insurance Data Security
27-2-27-1. Applicability of Chapter
27-2-27-2. "Authorized Individual"
27-2-27-5. "Cybersecurity Event"
27-2-27-8. "Information Security Program"
27-2-27-9. "Information System"
27-2-27-11. "Multi-Factor Authentication"
27-2-27-12. "Nonpublic Information"
27-2-27-13. "Publicly Available Information"
27-2-27-15. "Third Party Service Provider"
27-2-27-16. Information Security Program; Requirements
27-2-27-17. Risk Assessment; Requirements
27-2-27-18. Actions Required Based on Risk Assessment Results
27-2-27-19. Board of Directors; Executive Management
27-2-27-20. Incident Response Plan
27-2-27-21. Investigation of Cybersecurity Event
27-2-27-22. Notice to Ceding Insurers and Commissioner of Cybersecurity Event
27-2-27-23. Notice to Producers of Cybersecurity Event
27-2-27-24. Powers of Commissioner
27-2-27-26. Exemptions From Chapter
27-2-27-27. Suspension; Revocation
27-2-27-29. Private Right of Action