New Consumer Privacy Requirements Under the Indiana Consumer Data Protection Act Are Here

Summary

John Williams and Asha Cermak break down Indiana’s new Consumer Data Protection Act, which takes effect on Jan. 1, 2026, outlining the consumer rights to access, correct, delete, and port personal data, as well as opt‑out of selling, targeted ads, and AI profiling. They explain the key business obligations—including updated privacy policies, data‑minimization, cybersecurity safeguards, consent‑management tools, and Data Protection Impact Assessments—while clarifying the law’s exemptions and enforcement mechanics, such as a 30‑day cure period and $7,500 per‑violation fines. The hosts stress the importance of mapping data flows, preparing response processes for consumer requests, and documenting exemption claims to avoid regulatory scrutiny.