Arizona and Indiana have both enacted legislation imposing new notice requirements in the event of a data security breach. Effective July 23, 2022, Arizona passed HB 2146 which provides that businesses in the state which own, maintain, or license unencrypted and unredacted computerized personal information must additionally notify the Director of the Arizona Department of Homeland Security in the event of a data security breach which requires notification of more than 1000 individuals. Effective July 1, 2022, Indiana passed HB 1351 which provides a timeline for disclosure of a data security breach. The new law states that any person required to make a disclosure or notification under Indiana’s data security breach statute must do so without “unreasonably delay”, but not more than 45 days after the discovery of the breach. Arizona already has an existing 45-day notice requirement.