
Why Data Privacy Compliance Matters for Indiana Businesses
The Indiana Consumer Data Protection Act (INCDPA) was signed into law on May 1, 2023. It goes into effect on January 1, 2026.
That means businesses still have time to prepare—but shouldn’t wait. If you process personal data from Indiana residents, this law may apply to you, even if your company is based in another state. Industries most affected include:
- Retail
- Health care
- Financial services
- Software vendors
- Manufacturers
If your business falls into one of these categories—or handles customer data at scale—it’s time to start preparing now.


About the Indiana Consumer Data Protection Act (SB 5)
The INCDPA applies to businesses that:
- Process the data of 100,000+ Indiana residents, or
- Process data from 25,000+ residents and earn more than 50% of revenue from selling personal information
It grants Indiana residents the following rights:
- Right to Opt Out – Say no to data being sold or shared
- Right to Access – See what personal data a company has collected
- Right to Delete – Request deletion of that data
- Right to Correct – Fix inaccurate personal information
- Right to Confirm – Ask if a business is processing their data
Indiana’s law doesn’t introduce major new concepts—it’s similar to other recent state privacy laws. But that doesn't mean compliance is simple. The stakes are high, and the timeline is short.
How Oso Helps You Comply
At Oso, we offer a full suite of services to help you meet the requirements of the Indiana Consumer Data Protection Act. Whether you're building a privacy program from scratch or improving what you already have, we’ve got you covered. Our services include:

Deliverable Based Services
Policies, procedures, internal guidelines, and more.

Risk Assessment
We help you identify, assess, and address privacy risks.

Employee Training
Training tailored to your team and your industry.

AI Governance
Ensure ethical and compliant AI use.

Our Process
Our process starts with a conversation. We get to know your business and understand your current privacy practices.
From there, we may recommend a Risk Management session to identify any compliance gaps. Based on what we find, we’ll create a custom plan that could include:
- New or updated privacy policies
- Vendor reviews and third-party agreements
- Employee training sessions
- Website cookie and disclosure updates
- Privacy audits or AI governance setup
Some clients just need a few quick updates. Others need a full program buildout. Either way, we work at your pace and within your scope.
Serving Indiana Businesses with Excellence
Indiana’s law may be new, but data privacy isn’t new to us.
We’ve helped companies navigate similar laws across the U.S.—from California and Colorado to Texas and beyond. That experience gives us a clear edge over firms that are only now starting to learn what these laws mean.
We already know what works, what regulators look for, and how to build a compliant, flexible privacy program. When INCDPA takes effect in 2026, you won’t be scrambling; you’ll be ready.

Common Questions (FAQ)
Do small businesses need to comply?
Yes. Indiana’s law doesn’t include a minimum revenue threshold. If your business processes enough data, you may be required to comply—no matter your size.
Are employee records covered?
No. Employment-related data is not covered under the INCDPA.
Does this apply to out-of-state companies?
Yes. If you handle data from Indiana residents, the law may apply—even if your business is based elsewhere.
When should I start preparing?
As soon as possible. The law goes into effect in January 2026, but compliance takes time. It’s smart to get ahead of it.
CONTACT
Oso Privacy Consultants is located in Louisiana but serves businesses globally.



