Indiana has become the seventh U.S. state to pass its own data privacy law. Like the other state laws (with the exception of California’s CCPA), it is closely modeled on the Virginia Consumer Data Protection Act. However, like other state laws, it is not quite identical to any its counterparts.
Here is a quick introduction to the major components of Indiana’s privacy law.
Indiana’s privacy law will go into effect on January 1, 2026, giving businesses plenty of time to prepare.
For-profit businesses must comply with the Indiana law if they do business in the state (or target Indiana residents for their products/services), and meet at least one of the following conditions:
Indiana consumers now have the following privacy rights:
Indiana’s definition of personal data mirrors that of other privacy laws, and includes all information that is “linked or reasonably linkable to an identified or identifiable individual.” This covers everything from IP addresses to shopping habits.
Personal data does not include: de-identified data, aggregate data, and publicly available information.
As is the case with several other states, Indiana’s privacy law requires businesses to perform data protection impact assessments for certain types of processing activities. A DPIA is required for:
These assessments must weigh the benefits of a particular processing activity against any potential risks to the consumer, and consider any mitigating safeguards that might be employed.
Each violation of the Indiana privacy law is punishable by civil penalties of up to $7,500, plus payment of the Attorney General’s expenses in investigating and prosecuting the case.
The Indiana privacy law does not grant a private right of action to consumers, meaning they cannot sue a business over alleged violations.
The pace of state privacy legislation is picking up, with many states likely to pass their own laws in the near future. With each new law, compliance becomes a little more complicated to manage, especially for businesses without in-house privacy experts.
TrueVault US helps businesses of all sizes get compliant on their own with privacy laws from across the country with one unified platform. Designed by attorneys, TrueVault US is a software solution that guides you at every step of the way, from onboarding vendors to responding to consumer privacy requests.
To learn more about how TrueVault US can help your business, contact our team today.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal advice. This content is not a substitute for obtaining legal advice from a licensed attorney. The information on this page may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments.