The Indiana Consumer Data Protection Act grants Indiana residents comprehensive rights over their personal data, including the right to access, correct, delete, and obtain portable copies of personal data, as well as the right to opt out of data sales, targeted advertising, and profiling. Controllers must provide clear privacy notices, practice data minimization, conduct data protection assessments for high-risk processing, and establish reasonable data security practices. The law applies to entities conducting business in Indiana that process personal data of 100,000 or more residents, or 25,000 or more residents while deriving over 50 percent of revenue from data sales. Enforcement is exclusively through the Indiana Attorney General with a 30-day cure period.
ConductAtlas maps governance language to potentially relevant regulatory frameworks. Regulatory applicability and enforceability may vary by jurisdiction, enforcement context, and individual circumstances. This page is informational and does not constitute legal advice. Methodology
Showing 30 of 5787 provisions. View all →
Get alerted when platforms change their policies — including -relevant provisions.
Subscribe to Monitor — $19/moConductAtlas tracks -relevant provisions across 100 platforms. Each platform's specific provisions are classified by severity and mapped to requirements.
ConductAtlas captures policy documents daily, classifies provisions by regulatory framework, and flags changes that affect obligations. Every change is archived with cryptographic verification.