Iowa legislature proposes requiring orgs to report breaches within 45 days

Iowa is proposing an update to its breach notification act, which would require organizations to report data breaches within 45 days. The proposed bill also adds new reporting requirements for categories such as medical records, expands the definition of personal information, and requires increased encryption of data for exemption from reporting. The proposal comes after the Equifax breach and is part of a trend of states tightening data security laws.