Compliance
ICDPA
The Indiana Consumer Data Protection Act (ICDPA) grants Indiana residents certain access and control rights concerning their personal data.
Cassie helps you achieve compliance without you having to compromise your business goals.
What is the Indiana Consumer Data Protection Act?
Indiana Consumer Data Protection Act (ICDPA) is a data privacy law designed to protect the personal information of Indiana residents. Effective from January 1, 2026, it grants consumers rights to access, correct, delete, and opt-out of the sale of their personal data.
The law also imposes obligations on businesses to provide clear privacy notices, implement reasonable data security practices, and limit the collection and use of personal data.
Does your business need ICDPA compliance?
The ICDPA applies to any company targeting Indiana consumers that either:
- Annually controls or processes personal data about at least 100,000 Indiana residents, or
- Annually controls or processes personal data about at least 25,000 Indiana residents and derives over 50% of gross revenue from the sale of personal data.
Many exemptions apply, including (but not limited to):
- Public bodies.
- Financial institutions under the Gramm-Leach-Bliley Act.
The ICDPA also exempts the processing of certain types of personal data, including health information covered by the Health Insurance Portability and Accountability Act (HIPAA).
Consumer rights under Indiana CDPA
The ICDPA provinces consumers with several rights over their personal data, including the right to:
Confirm whether a controller is processing the consumer’s personal data.
Access a copy of their personal data.
Correct any inaccuracies in their personal data.
Delete their personal data.
Obtain a copy of their personal data in a portable, machine-readable format.
Opt out of the sale of their personal data, targeted advertising, profiling “in furtherance of decisions that produce legal or similarly significant effects”.
Controllers have a 45-day deadline for responding to a consumer rights request and can obtain a 45-day extension available when reasonably necessary.
Consumers can make a request once per year, and controllers must not charge a fee unless the request is manifestly unfounded, technically infeasible, excessive, or repetitive.
Why choose Cassie?
Most consent management providers offer templated solutions so that you can ensure compliance. This might sound good and exactly what you’re after, but you’ll have to sacrifice your business goals to achieve this.
With Cassie’s CPM you can be confident in knowing that you’ll be compliant with ICDPA and other relevant regulations without having to jeopardize business aims and objectives. As well as achieving compliance, you’ll be able to build trust and loyalty with your customers by offering transparency.
Protect individual privacy
Allow end users to take control of their preferences with granular consent controls enforced across domains, devices and platforms
Avoid fines and brand damage
Cassie enables organizations to meet the complex requirements of APP and mitigate risk with a robust framework for managing consent, avoiding severe penalties and reputational damage
Pass audit inspections
Be prepared for compliance audits with demonstrable tracking and complete history logs, alongside advanced RoPA and DSAR modules to improve efficiencies and assess risk
Ensure data security
Cassie is SOC 2 certified, assuring organization’s data is safeguarded from unauthorized access or breaches with industry-leading encryption protocols and practices
Centralized source of truth
Use Cassie to honor and enforce consent data via APIs and integrations at high volume, in real-time for APP compliance across your tech stack (CRMs, CMS, marketing automation tools, BI tools)
Complex consent made simple
For every consent captured, Cassie can store unlimited key value pairs of additional information against those consents to unlock scalable, granular consent management
