Indiana’s Privacy Law Just Kicked In. Here’s What It Means for You.

On January 1, 2026, Indiana became one of the newest states to give residents the right to control their personal data. The Indiana Consumer Data Protection Act (ICDPA) is now in effect, and most Hoosiers have no idea it exists.

That’s a problem, because the law only works if people use it.

What the ICDPA Gives You

The ICDPA applies to companies that conduct business in Indiana or produce products consumed by Indiana residents and that process the personal data of at least 100,000 consumers, or 25,000 consumers if they derive more than 50% of revenue from data sales.

Your rights under the law: the right to confirm whether a company is processing your data, the right to access it, the right to correct inaccuracies, the right to delete data you’ve provided, the right to obtain a portable copy, and the right to opt out of targeted advertising, data sales, and profiling.

The Indiana Attorney General enforces the law. Companies get a 30-day cure period to fix violations before penalties apply.

Why This Matters Now

Before January 1, 2026, Indiana residents had no comprehensive legal mechanism to demand companies delete their personal data. Opt-out requests to data brokers were entirely voluntary. Now they carry legal weight.

Data brokers have your name, address, phone number, email, employment history, property records, vehicle registration, estimated income, family members’ names, and more. All of it has been collected, aggregated, and sold without your consent. The ICDPA gives you the right to demand its deletion.

The Surveillance Landscape in Indiana

License plate readers. Indianapolis and surrounding communities have deployed automated license plate readers. Flock Safety has contracts throughout the state. The same concerns that led Oregon and Arizona communities to cancel Flock contracts apply in Indiana — local police searching on behalf of federal agencies, data accessible beyond local control.

Facial recognition. Indianapolis Metropolitan Police Department has used facial recognition technology. There are no statewide restrictions on government use of facial recognition in Indiana.

Data brokers. Indiana’s large population and commercial activity make it a significant market for data brokers. Your information is almost certainly available on dozens of broker sites.

What Indiana Residents Should Do

Step 1: Exercise your new ICDPA rights. Submit deletion requests to data brokers and cite the Indiana Consumer Data Protection Act by name. This is new legal leverage you didn’t have before January 1. Start with Spokeo, BeenVerified, WhitePages, Radaris, TruePeopleSearch, and FastPeopleSearch.

Step 2: Run a facial recognition audit. Search yourself on PimEyes, FaceCheck.ID, Google Lens, Yandex, and TinEye. Submit opt-out requests for any databases that have indexed your face.

Step 3: Check your vehicle exposure. Use DeFlock.me to map license plate readers in your area. Check plate lookup sites and opt out. Review connected car data sharing settings.

Step 4: Disable ad tracking. On iPhone: Settings > Privacy & Security > Tracking > toggle off. On Android: Settings > Privacy > Ads > Delete advertising ID.

Step 5: Harden your digital footprint. Private social media profiles. Disable face tagging. Strip photo metadata. Use encrypted messaging. Disconnect linked accounts.

Step 6: Monitor for re-listing. Data brokers re-acquire information continuously. Plan to re-check quarterly or set up ongoing monitoring.

The Bottom Line

Indiana residents now have real privacy rights. The ICDPA isn’t as strong as Illinois’s BIPA or California’s CCPA, but it gives you legal standing to demand deletion of your personal data from companies that have been collecting and selling it without your knowledge.

The law is brand new. Most companies are still adjusting to compliance requirements. That means right now — in the first months of the law’s existence — is the best time to submit deletion requests while companies are most motivated to demonstrate compliance.