Indiana Consumer Data Protection Act

What is INCDPA?


The Indiana Consumer Data Protection Act (INCDPA) is Indiana’s response to the trend of state privacy laws in the United States. It becomes enforceable in 2026 and contains provisions very similar to those of other consumer privacy laws.

The legislation provides Indiana residents with multiple rights regarding their personal data. These include the ability to access and amend their personal data, request deletion of their data under specific conditions, opt out of the sale of their personal data, refuse targeted advertising, and receive a portable copy of their personal data.

The law places several duties on businesses, such as establishing and upholding adequate security measures to safeguard personal data, securing opt-in consent before processing sensitive information, addressing consumer inquiries promptly, and transparently outlining data collection and processing activities in an easily understandable privacy notice.


MergeBase and INCDPA


Despite the ICDPA’s non-applicability to MergeBase upon its enactment, our existing data protection and security measures surpass the standards mandated by this legislation. Consequently, adherence would have been seamlessly achieved if the law had been applicable to us.


How Can MergeBase Help You Comply with the INCDPA?


After you choose the best security steps for your company, MergeBase is ready to help by constantly checking your systems. This active approach allows your company spot and quickly deal with any security threats, showing your strong commitment to keeping data safe.

MergeBase is also great at finding and sorting out weak spots in the parts of your apps that use open-source code and handle personal data. If these weak spots are exploited, they could lead to unauthorized use, sharing, or changing of data, breaking the security rules set by the law.

Plus, our reports are made to work smoothly with your patch management tools. This makes fixing these weak spots quicker, reducing the time your personal data is at risk.

While this way of doing things might not cover every rule you need to follow, it greatly strengthens how secure your data is.