Indiana Senate Bill 472

---

Spectrum: Partisan Bill (Republican 2-0)
Status: Introduced on January 13 2025 - 25% progression
Action: 2025-01-23 - Committee report: amend do pass adopted; reassigned to Committee on Appropriations
Pending: Senate Appropriations Committee
Text: Latest bill text (Comm Sub) [PDF]

Cybersecurity. Requires political subdivisions, state agencies, school corporations, and state educational institutions (public entities), with the exception of specified categories of hospitals, to adopt not later than December 31, 2025, a: (1) technology resources policy; and (2) cybersecurity policy; that meet specified requirements. Requires the office of technology (office) to develop: (1) standards and guidelines regarding cybersecurity for use by political subdivisions and state educational institutions; and (2) a uniform cybersecurity policy for use by state agencies. Requires the office to develop, in collaboration with the department of education: (1) a uniform technology resources policy governing use of technology resources by the employees of school corporations; and (2) a uniform cybersecurity policy for use by school corporations. Requires: (1) a public entity to biennially submit to the office the cybersecurity policy adopted by the public entity; and (2) the office to establish a procedure for collecting and maintaining a record of submitted cybersecurity policies. Establishes: (1) the cybersecurity insurance program (program) for the purpose of providing coverage to a participating government entity for losses incurred by the government entity as a result of a cybersecurity incident; and (2) the cybersecurity insurance board (board) to administer the program. Provides that coverage for losses incurred by a participating government entity as a result of a cybersecurity incident are paid under the program from premiums paid into a trust fund by participating government entities. Provides that the board shall contract with cybersecurity professionals who can be dispatched by the board to assist a participating government entity in the event of a cybersecurity incident. Provides that fines recovered by the attorney general for any of the following violations are deposited in the trust fund: (1) Failure of an adult oriented website to implement or properly use a reasonable age verification method. (2) Failure of a data base owner to safeguard personal information of Indiana residents. (3) Failure of a data base owner to disclose or provide notice of a security breach. (4) Violation of consumer data protection law. Makes an appropriation.

Cybersecurity.

Sen. Elizabeth Brown [R]

Sen. Brian Buchanan [R]

Date	Chamber	Action
2025-01-23	Senate	Committee report: amend do pass adopted; reassigned to Committee on Appropriations
2025-01-16	Senate	Senator Buchanan added as second author
2025-01-13	Senate	First reading: referred to Committee on Commerce and Technology
2025-01-13	Senate	Authored by Senator Brown L

Type	Source
Summary	https://iga.in.gov/legislative/2025/bills/senate/472/details
Text	https://iga.in.gov/pdf-documents/124/2025/senate/bills/SB0472/SB0472.01.INTR.pdf
Text	https://iga.in.gov/pdf-documents/124/2025/senate/bills/SB0472/SB0472.02.COMS.pdf
Amendment	https://iga.in.gov/pdf-documents/124/2025/senate/bills/SB0472/committee-amendments/amendments/SB0472.01.INTR.AMS01.pdf
Supplement	https://iga.in.gov/pdf-documents/124/2025/senate/bills/SB0472/fiscal-notes/SB0472.01.INTR.FN001.pdf
Supplement	https://iga.in.gov/pdf-documents/124/2025/senate/bills/SB0472/votesheets/SB0472.01.INTR.04.pdf
Supplement	https://iga.in.gov/pdf-documents/124/2025/senate/bills/SB0472/committee-reports/SB0472.01.INTR.CRS001.pdf
Supplement	https://iga.in.gov/pdf-documents/124/2025/senate/bills/SB0472/fiscal-notes/SB0472.02.COMS.FN001.pdf