As used in this chapter, 'cybersecurity event' means an event resulting in unauthorized access to or a disruption or misuse of an information system or nonpublic information stored on the information system that has a reasonable likelihood of materially harming a consumer or any material part of the normal operations of the licensee. However, the term does not include the following:(1) The unauthorized acquisition of encrypted nonpublic information if the encryption, process, or key is not also acquired, released, or used without authorization.(2) An event in which a licensee has determined that the nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed.As added by P.L.130-2020, SEC.10.
Indiana Legal Code