The Office of the Attorney General (OAG) held a public hearing this morning (October 30) regarding a proposed rule about data privacy. Indiana law currently requires database owners to “implement and maintain reasonable procedures … to protect and safeguard from unlawful use or disclosure any personal information of Indiana residents” that they collect and maintain. A database owner is defined as a business or person “that owns or licenses computerized data that includes personal information.”

The OAG’s proposed rule seeks to impose a “duty” on database owners to “implement and maintain a data security plan” – the failure to do so will constitute a “deceptive act” that the OAG may prosecute pursuant to statute.

In short, the proposed rule would increase the burden placed on employers, especially small businesses, who leverage data for professional use and impose onerous consequences in the event of a data breach. Accordingly, the Indiana Chamber submitted comments and offered suggestions to add clarity to sections of the rule and lessen the potential impact to business. A summary of the Chamber’s submitted testimony is provided below.

The Indiana Chamber has a long-standing position that encourages privacy and security of government open data, particularly personal information, to continue to be strengthened to ensure confidentiality and anonymity. Regarding the private sector, data-driven innovation provides Indiana businesses with tremendous growth opportunities and its consumers with increased convenience and efficiency. The Indiana Chamber represents businesses that use data to improve the goods and services they provide – including small, medium and large companies. 

In fact, most of our businesses today (and certainly in the future) are in the “tech market” – and the collection and use of data are key to their ability to thrive. As such, it is paramount that any legislation, regulation or public action in this space contemplates input from the business community so unintended consequences do not occur that hamper or endanger enterprises’ ability to conduct business.

In the absence of a federal framework, the Indiana Chamber prefers the codification of a state-based data privacy law – including oversight and enforcement – be the product of the General Assembly and that any such law, if any, promotes innovation and regulatory certainty while respecting individual privacy and choice.

Resource: Adam H. Berry at (317) 264-6892 or email: aberry@indianachamber.com