Iowa introduces new breach notification bill

Iowa House Study Bill 526 would require organizations to report a breach within 45 days, add new categories to reporting requirements, and expand the definition of what is considered personal information. The bill would apply to personal data in any form and also cover medical records, effectively shortening HIPAA breach reporting requirements by 15 days. If organizations implement increased encryption methods, they can be exempt from the proposed state reporting requirements.