Indiana's Breach Law
Indiana’s breach notification law went into effect on July 1, 2006. An excerpt relevant the “lost laptop” phenomenon:
Sec. 2. (a) As used in this chapter, "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a state or local agency. (b) The term does not include the following: (1) Good faith acquisition of personal information by an agency or employee of the agency for purposes of the agency, if the personal information is not used or subject to further unauthorized disclosure. (2) Unauthorized acquisition of a portable electronic device on which personal information is stored if access to the device is protected by a password that has not been disclosed.
If I read this right, according to point (2) an undisclosed Windows password is considered sufficient protection?
If so, Knoppix and F.I.R.E say hello.