State privacy overview

Indiana Data Privacy: A Plain-Language Overview

Informational summary · Indiana Data Privacy Act (Senate Bill 5)
General information — not legal advice. This overview is provided for general educational purposes only and may not reflect the most recent changes in the law. It is not legal advice and does not create any attorney–client relationship. Verify current requirements with the state's official resources and consult qualified counsel before acting.

Indiana Data Privacy Act (Senate Bill 5)

Status: Effective January 1, 2026

The Indiana Data Privacy Act is a comprehensive law regulating the collection and processing of personal data. It requires covered businesses to implement safeguards, respect consumer rights, and enter into data processing agreements. The law follows a model similar to other state privacy statutes, granting residents control over their information while allowing exemptions for small businesses and certain regulated data.

Rights residents generally have

Who it generally applies to

For-profit entities that conduct business in Indiana or target Indiana residents and meet one of the following: process or control the personal data of at least 100,000 consumers (excluding employees), or derive over 25% of gross revenue from the sale of personal data and process or control the data of at least 25,000 consumers. Lower thresholds exist for data brokers.

What this means for B2B outreach

The law explicitly excludes personal data used in commercial or employment contexts (B2B contact info, employee data) from its requirements. It also largely defers to the federal CAN-SPAM Act for commercial email compliance.

Authoritative source: Indiana Attorney General. Always confirm current requirements there.

Marketing that respects privacy by design

We run permission-based, compliance-minded campaigns with real opt-out handling.

Talk to us

← All state privacy overviews