United States of America: Rejected Consumer Data Protection Bill (HB 1554) including cybersecurity regulation

On 28 April 2023, the Indiana Consumer Data Protection Bill (HB 1554) was rejected after failing to pass before the legislature session adjourned. The Bill would have introduced a new article in the Indiana Code concerning consumer data protection, which would have applied to private, for-profit entities controlling or processing the personal data of at least 100'000 consumers, or at least 25'000 consumers in case the entity derives more than 50% of its revenue from the sale of their data (unless they are institutions of higher education). The Bill would have also required entities to implement data security practices protecting the confidentiality, integrity, and accessibility of consumer personal data.