Linn Foster Freedman of Robinson + Cole writes:
Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the computer system; (2) necessary to discover the scope of the breach; or (3) in response to a request from the attorney general or a law enforcement agency to delay disclosure because disclosure will: (A) impede a criminal or civil investigation; or (B) jeopardize national security.” Ind. Code § 24-4.9-3-3 (2022)
The law goes into effect on July 2, 2022.
Read more at Data Privacy + Cybersecurity Insider.