Brief Summary of the Indiana Consumer Data Protection Act: Part I featured image

Brief Summary of the Indiana Consumer Data Protection Act: Part I

by John DiGiacomo

Partner

Internet Law

The state of Indiana recently passed its own version of a consumer data privacy/protection statute called the Indiana Consumer Data Protection Act (“ICDPA”). The new law becomes effective on January 1, 2026. The ICDPA has many of the same aspects as other similar laws passed in states like California, Texas, Utah, Colorado, Connecticut, etc. As with the newer versions of these laws, the ICDPA adds a focus on targeted advertising. If your company or business is currently in compliance with other U.S. consumer data privacy/protection statutes, it should not be difficult to be in compliance with the ICDPA. That is because the Indiana Consumer Data Protection Act’s regulatory regime is the same as similar laws. In brief, the regulatory regime involves:

  • A focus on consumer data collection and processing by “processors” (a person/entity “that processes personal data on behalf of a controller”) and “controllers” (a person/entity “that, alone or jointly with others, determines the purpose and means of processing personal data”)
  • Giving consumers various rights
  • Requiring that consumers be given notice of their rights including the right to know what data is being processed
  • Requiring that consent be obtained from consumers

Note that, on its surface, the ICDPA may seem to depart from an earlier focus of these statutes on data collection. However, the definition of “processing” includes data collection. So, when the ICDPA gives a consumer the right to opt out of “processing,” that also includes the right to opt out of having their data “collected.”The ICDPA provides no private right of action and is to be enforced by administrative action by the Indiana Attorney General. Here is a brief summary of the ICDPA.

What Consumer Rights are Granted?

Under the ICDPA, consumers have the following rights:

  • To confirm whether or not a controller is processing the consumer’s personal data and to access such personal data (see below)
  • To correct inaccuracies in the consumer’s personal data
  • To delete personal data provided by or obtained about the consumer
  • Once in a 12-month period, the right to obtain either: (A) a copy of; or (B) a representative summary of the consumer’s personal data that the consumer previously provided to the controller — this information provided must be in a portable and, to the extent technically practicable, readily usable format that allows the consumer to transmit the data or summary to another controller without hindrance
  • To opt out of the processing of the consumer’s personal data for purposes of (i) targeted advertising; (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer

What Businesses are Covered by the ICDPA?

Unlike other similar statutes, there is no monetary threshold to the applicability of the ICDPA. Rather, the thresholds relate to doing business in Indiana and to the number of Indiana consumers whose data is collected/processed. More specifically, the ICDPA applies to:

  • Any entity doing business in Indiana or which produces products or services that are targeted to the residents of Indiana AND;
  • Any entity that controls or processes consumer data of at least 100,000 Indiana residents OR does so for 25,000+ Indiana residents AND derives over 50% of its gross revenue from the sale of personal data

Other aspects of the ICDPA will be covered in Part II of this summary.

Contact the Consumer Data Privacy Attorneys at Revision Legal For more information, contact the experienced Consumer Data Privacy Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side

Let's Discuss Your Case