Ind. Code § 23-2.5-9-3
If a breach occurs of the security of records that:
(2) contain the unencrypted, unredacted personal information of one (1) or more borrowers or prospective borrowers;
the loan processing company is subject to the disclosure requirements under IC 24-4.9-3 . However, this section does not apply if the loan processor is exempt from the disclosure requirements under IC 24-4.9-3-4 .
As added by P.L.175-2019, SEC.2.