Glossary
I
Idaho Title 28 Chapter 51
- Description: Idaho’s breach notification law requires that residents and the Attorney General be notified of breaches involving unencrypted Personal Information (PI).
- Enacted and Enforced: Enacted March 19, 2007; enforced October 1, 2007.
- Impacts Data Types: SSNs, driver’s license numbers, financial account data.
- Examples: Stolen, unencrypted USB drives with SSNs.
- Potential Fines: Civil penalties of up to $5,000 per violation.
Illinois HB 1633
- Description: The Illinois Personal Information Protection Act (PIPA) mandates notification of breaches involving SSNs, financial data, and more.
- Enacted and Enforced: Enacted August 5, 2005; enforced January 1, 2006.
- Impacts Data Types: SSNs, driver’s license or state ID numbers, financial accounts.
- Examples: Hacked customer database with SSNs.
- Potential Fines: Up to $750 per individual per incident plus civil penalties.
Indiana SB 503
- Description: Indiana’s law requires notification after unauthorized acquisition of personal data.
- Enacted and Enforced: Enacted March 18, 2012; enforced July 1, 2012.
- Impacts Data Types: SSNs, driver’s license numbers, financial accounts.
- Examples: Payroll data leak via email.
- Potential Fines: Up to $150,000 per incident.
Information Security Policy
- Description: A formal set of rules to ensure confidentiality, integrity, and availability of information.
- Origin: Best practice since the early 2000s; no formal enforcement.
- Impacts Data Types: All organizational data.
- Examples: Password and encryption policies.
- Potential Fines: Non-compliance may lead to GDPR or HIPAA fines.
Insider Threat
- Description: A security risk posed by internal actors, such as employees or contractors, who misuse their access.
- Origin: Recognized since the early 2000s; not formally enforced.
- Impacts Data Types: All sensitive data.
- Examples: Employee sending client list to personal email.
- Potential Fines: Can result in breach-related fines.