Sec. 5. (a) Any state agency that owns or licenses computerized data that includes personal information shall disclose a breach of the security of the system following discovery or notification of the breach to any state resident whose unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person.
(b) The disclosure of a breach of the security of the system shall be made:
(1) without unreasonable delay; and
(2) consistent with:
(A) the legitimate needs of law enforcement, as described in section 7 of this chapter; and
(B) any measures necessary to:
(i) determine the scope of the breach; and
(ii) restore the reasonable integrity of the data system.
As added by P.L.91-2005, SEC.2.