Skip to main content
Find a Lawyer

Indiana Code Title 24. Trade Regulation § 24-15-4-1

Current as of January 02, 2024 | Updated by Findlaw Staff

<Section effective January 1, 2026.>

Sec. 1. Except as provided in IC 24-15-7-2, a controller has the following responsibilities:

(1) A controller shall limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purposes for which such data is processed, as disclosed to the consumer.

(2) Except as otherwise provided in this article, a controller shall not process personal data for purposes that are neither reasonably necessary for nor compatible with the disclosed purposes for which the personal data is processed, unless the controller obtains the consumer's consent.

(3) A controller shall establish, implement, and maintain reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data.  The data security practices required under this subdivision must be appropriate to the volume and nature of the personal data at issue.

(4) A controller shall not process personal data in violation of state and federal laws that prohibit unlawful discrimination against consumers.  A controller shall not discriminate against a consumer for exercising any of the consumer rights set forth in this article, including by denying goods or services to the consumer, charging different prices or rates for goods and services, or providing a different level or quality of goods or services to the consumer.  However, nothing in this subdivision shall be construed to:

(A) require a controller to provide a product or service that requires the personal data of a consumer that the controller does not collect or maintain;  or

(B) prohibit a controller from offering a different price, rate, level, quality, or selection of goods or services to a consumer, including offering goods or services for no fee, if the consumer has exercised the consumer's right to opt out under IC 24-15-3-1(b)(5) or if the offer is related to a consumer's voluntary participation in a bona fide loyalty, rewards, premium features, discount, or club card program.

(5) A controller shall not process sensitive data concerning a consumer without obtaining the consumer's consent, or, in the case of the processing of sensitive data concerning a known child, without processing such data in accordance with the federal Children's Online Privacy Protection Act (15 U.S.C. 6501 et seq.).

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Indiana Code Title 24. Trade Regulation § 24-15-4-1 - last updated January 02, 2024 | https://codes.findlaw.com/in/title-24-trade-regulation/in-code-sect-24-15-4-1/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard