Compare with different regulatory event:
On 1 May 2023, Senate Bill 5 was signed into law by the Governor of Indiana. The Bill would establish a new article in the Indiana Code concerning consumer data protection, which would apply to private, for-profit entities controlling or processing the personal data of at least 100'000 consumers, or at least 25'000 consumers in case the entity derives more than 50% of its revenue from the sale of their data, excluding institutions of higher education. The article would establish a number of data subject rights, including the rights to confirm whether a controller is processing their personal data, correct inaccuracies, delete data, obtain a copy or representative summary of the data, or opt out of the processing of their data for certain purposes. In addition, the new article will require entities to implement data security practices protecting the confidentiality, integrity, and accessibility of consumer personal data. Such practices will need to be commensurate with the volume and nature of consumer personal data in question. Further, the Bill includes provisions on the roles and responsibilities of data controllers and processors, including observing principles of reasonable necessity in processing, abiding by laws prohibiting unlawful discrimination, and carrying out data protection assessments. The investigation of potential violations and enforcement of this article would fall under the authority of the Indiana Attorney General. The Bill will be effective from 1 January 2026.
Original source