INDIANAPOLIS — A proposed rule would help protect Hoosiers from cyberattacks by giving businesses a clearer understanding of how to protect consumers’ data.
Data security specialists say the proposed rule would help businesses put their resources to complying with the rule, rather than the costs of a class-action lawsuit that could follow a data breach.
“We need a way to separate the businesses that are taking important steps to secure data from those who are not,” Indiana Attorney General Curtis Hill said. “This rule would provide businesses a playbook on how to protect data, and would protect the businesses that follow the playbook. It’s a win for both consumers and businesses.”
Attorney General Hill says the Equifax data breach is an example of why businesses must invest resources into data protection.
“Equifax did not take the precautions necessary to protect the personal data of millions of consumers,” Attorney General Hill said. “Much of the damage from this data breach could have been mitigated had Equifax followed the steps outlined in this rule. It is our hope that this proposed rule prevents data breaches of this scale from happening again in the future.”
If passed, Indiana would be the first state in the nation to approach the issue of cybersecurity with regulation. The proposed rule will soon be up for a public hearing. It is expected that the proposed rule will take effect by the end of the year.