The Indiana Consumer Data Protection Act took effect January 1, 2026. Most people in Indiana have no idea it exists. That tracks. The law only works if you use it, and nobody told you it was there.
What the ICDPA Gives You
The law covers companies doing business in Indiana that process data on 100,000+ consumers, or 25,000+ if more than half their revenue comes from selling data.
Your rights: confirm whether a company has your data, access it, correct it, delete it, get a portable copy, and opt out of targeted advertising, data sales, and profiling. The Indiana Attorney General enforces it. Companies get a 30-day cure period before penalties hit.
Why This Matters Now
Before January 1, 2026, opt-out requests to data brokers in Indiana were voluntary. Companies could ignore them. Now they carry legal weight.
Before 2026, data broker opt-out requests in Indiana were voluntary. The ICDPA turned them into legal demands.
Data brokers hold your name, address, phone, email, employer, property records, vehicle info, estimated income, and family members’ names. All collected and sold without your consent. The ICDPA gives you the right to demand deletion.
Surveillance in Indiana
License plate readers. Flock Safety has contracts across Indianapolis and surrounding areas. Local police search on behalf of federal agencies. Data moves beyond local control.
Facial recognition. Indianapolis Metropolitan Police use it. No statewide restrictions exist on government facial recognition in Indiana.
Data brokers. Indiana’s population and commercial activity make it a prime market. Your information sits on dozens of broker sites right now.
What to Do
1. Use the ICDPA. Submit deletion requests to data brokers and cite the law by name. Start with Spokeo, BeenVerified, WhitePages, Radaris, TruePeopleSearch, FastPeopleSearch.
2. Audit facial recognition exposure. Search yourself on PimEyes, FaceCheck.ID, Google Lens, Yandex, TinEye. Opt out of any database that indexed your face.
3. Check vehicle exposure. Map plate readers via DeFlock.me. Opt out of plate lookup sites. Review connected car data sharing.
4. Kill ad tracking. iPhone: Settings > Privacy > Tracking > off. Android: Settings > Privacy > Ads > Delete advertising ID.
5. Harden everything else. Private profiles. No face tagging. Strip photo metadata. Encrypted messaging. Disconnect linked accounts.
6. Monitor. Brokers re-acquire data constantly. Re-check quarterly or set up ongoing monitoring.
Bottom Line
The ICDPA is weaker than Illinois BIPA or California CCPA. It still gives you legal standing to demand deletion from companies that collected and sold your data without telling you. The law is new. Companies are scrambling to comply. Submit deletion requests now, while compliance pressure is highest.
— J. Daniel, Dark Scrub