There are numerous federal and state laws and standards that govern the use, security, and protection of personal information.

State Data Protection and Security Laws

There are three state laws related to data protection and security that are most frequently applicable to the University and its vendors.

• Indiana’s Release of Social Security Number law prohibits the disclosure of social security numbers except in very limited circumstances.
• Indiana’s Notice of Security Breach law requires the University to provide notice to individuals in the event of an unauthorized disclosure (breach) of personal information held by the University or one of its vendors. Personal Information means an individual’s name (either first and last, or first initial and last name) together with at least one of the following: social security number, driver license or identification card number, account number, credit/debit card number, or security code, access code, or password of an individual’s financial account.
• Indiana’s Persons Holding a Customer’s Personal Information law requires the safe disposal or destruction of some personal data held by the University.

If you have questions regarding the state data protection and security laws, please contact Jennifer Adams.