Indiana Consumer Data Protection Act (INCDPA) Awareness Course
Indiana's privacy law takes a business-friendly approach with a narrow definition of "sale" and broad federal law exemptions. If your organisation already complies with HIPAA, GLBA, or other federal privacy regulations, you may benefit from significant exemptions under the INCDPA.
This course gives your team practical guidance on the Indiana Consumer Data Protection Act. We cover who the law applies to, what rights Indiana residents have, the narrower definition of sale (monetary only), and how federal law exemptions work.
The INCDPA also provides a permanent 30-day cure period, giving organisations time to address any alleged violations before enforcement action. Understanding these provisions helps you build an efficient compliance strategy. No technical background required - just focused, practical training your team can apply immediately.
Why learn about the INCDPA?
- Understand Indiana's narrow definition of "sale" (monetary only)
- Know how federal law exemptions (HIPAA, GLBA) may reduce your compliance burden
- Handle consumer data requests correctly within required timeframes
- Leverage the permanent 30-day cure period effectively
- Build an efficient multi-state privacy compliance strategy
Course features
Indiana-specific
Focused entirely on the INCDPA with Indiana-specific requirements, thresholds, and the narrower definition of sale.
Practical scenarios
Real-world examples and case studies showing how the INCDPA applies in everyday business situations.
Exemptions explained
Clear guidance on federal law exemptions and how they may reduce your compliance obligations.
Official sources
Built from the Indiana Code and official guidance, with references to authoritative documentation.
Learning with us
Course information
Learning outcomes
- Understand when and how the INCDPA applies to your organisation
- Know the rights Indiana residents have over their personal data
- Recognise sensitive data and understand the opt-in consent requirement
- Understand how federal law exemptions may affect your compliance
- Understand the cure period, penalties, and enforcement mechanisms
Training recommendations
- All employees who handle customer data should complete this training.
- Annual refresher training is recommended to stay current with any amendments and enforcement developments.
- Teams handling sensitive data or consumer requests may benefit from additional role-specific training.
This course is recommended for
Employees who handle customer data at organisations that conduct business in Indiana or target Indiana residents. This includes marketing, sales, customer service, HR, IT, and compliance teams.
Prerequisites
There are no prerequisites for this course. No legal or technical background is required.
What do I need for this course?
This course is 100% online and delivered through our online learning platform. Organisations can also access this content via their own LMS on request (SCORM format available).
Course content
In this section we introduce the Indiana Consumer Data Protection Act and explain why it matters for your organisation. We cover when the law applies, who it protects, and the key definitions you need to understand.
Lessons
- Introduction to the INCDPA
- Who the law applies to
- Key definitions explained
- Indiana residents and their rights
Indiana residents have specific rights over their personal data. In this section we cover what those rights are, how to recognise a valid request, and what your obligations are when you receive one.
Lessons
- The right to confirm and access
- The right to correction and deletion
- The right to data portability
- The right to opt out of sales and targeted advertising
- Handling consumer requests
The INCDPA requires opt-in consent before processing sensitive data. We explain what counts as sensitive data under Indiana law and how to handle it correctly.
Lessons
- What is sensitive data under INCDPA?
- The opt-in consent requirement
- Children's data protections
- Biometric and health data considerations
This section covers the operational requirements of the INCDPA including data minimisation, purpose limitation, security obligations, and working with third-party processors.
Lessons
- Data minimisation principles
- Purpose limitation requirements
- Security obligations
- Processor contracts and responsibilities
- Data protection assessments
Indiana has a narrow definition of "sale" and broad exemptions. We explain what these mean and how they affect your compliance obligations.
Lessons
- Sale defined as monetary exchange only
- Federal law exemptions (HIPAA, GLBA, etc.)
- Entity-level vs. data-level exemptions
- Impact on compliance strategy
Understand the enforcement landscape, the permanent 30-day cure period, and what penalties look like. We also cover how to respond if you receive an investigation notice.
Lessons
- Attorney General enforcement
- The permanent 30-day cure period
- Civil penalties
- No private right of action
- Responding to investigations
Test your knowledge with scenario-based questions covering all the key INCDPA concepts from the course.
Lessons
- Knowledge check (10 questions)
How it works
Get notified
Sign up to be notified when this course launches. You'll be among the first to know and can start training your team immediately.
Start learning
Each team member will have access to the learning materials and assessment. On completion of the course, team members will be issued with a certificate.
Stay compliant
As the INCDPA evolves and guidance is issued, we'll update the course. Trainees can review updated materials to stay current.
What's included
Training
- Distraction-free online learning platform
- Scenario-based end of course assessment
Updates
- Access to all course material updates and enhancements for the length of your access period
Certification
- Certificate on completion
Course FAQs
Yes, on completion of the course you will be issued with a digital certificate. It will be issued by our team shortly after completion of the course including the end of course assessment. You can add this to your LinkedIn profile.
This course is designed for employees who handle customer data at organisations that may be subject to Indiana's privacy law. This includes marketing, sales, customer service, HR, and IT teams at organisations that process data of Indiana residents.
Indiana's INCDPA is one of the more business-friendly state privacy laws. It has a narrow definition of "sale" (monetary exchange only, not "valuable consideration"), a permanent 30-day cure period, and broad exemptions for entities already regulated under federal laws like HIPAA and GLBA. This makes it simpler to comply with than some other state laws.
INCDPA applies to organisations that conduct business in Indiana or produce products or services targeted to Indiana residents and meet certain data processing thresholds. The law has specific criteria for the number of consumers whose data you process and whether you derive revenue from selling personal data.
Unlike some state privacy laws that define "sale" broadly to include any exchange of personal data for "valuable consideration" (which could include non-monetary benefits), Indiana defines sale as exchange for monetary consideration only. This means data sharing arrangements that don't involve direct payment are less likely to trigger sale-related requirements.
Yes, we offer a 14-day 100% money-back guarantee. If you are not satisfied with the course for any reason, simply contact us within 14 days of purchase for a full refund.
The course typically takes 30-35 minutes to complete. You can pause and resume at any time, and your progress is automatically saved.
Get notified when this course launches
Sign up to our newsletter to be the first to know when this course is available.
This course will be included in Measured Collective Plus
Get access to all our courses with one subscription from £236/year.
Learn About MC Plus
