Iowa Consumer Data Protection Act (ICDPA) Awareness Course

Coming Soon: March 2026 Delivery: 100% online Duration: 30-35 minutes Certificate on Completion

0:00

15,000+ learners across our course collection. Immediate access on launch. 14 day 100% money-back guarantee.

Iowa takes a streamlined approach to consumer privacy. The ICDPA provides consumers with a more limited set of rights compared to other states, includes a generous 90-day response window, and features a permanent cure period - making it one of the more business-friendly state privacy laws.

This course gives your team practical guidance on the Iowa Consumer Data Protection Act. We cover who the law applies to, what rights Iowa residents have, how Iowa differs from other state laws, and what the permanent 90-day cure period means for compliance.

The ICDPA became effective January 1, 2025, making it one of the newer comprehensive state privacy laws. No technical background required - just focused, practical training your team can apply immediately.

Why learn about the ICDPA?

Understand Iowa's streamlined approach to privacy compliance
Know the specific consumer rights that apply in Iowa
Work within the 90-day response timeframe for consumer requests
Leverage the permanent 90-day cure period for compliance flexibility
Avoid penalties of up to $7,500 per violation

Course features

Iowa-specific

Focused entirely on the ICDPA with Iowa-specific requirements, thresholds, and enforcement context.

Practical scenarios

Real-world examples showing how the ICDPA applies in everyday business situations.

Comparison insights

Understand how Iowa differs from other state privacy laws to streamline multi-state compliance.

Official sources

Built from Iowa statutes and official guidance, with references to official documentation.

Learning with us

Course information

Learning outcomes

Understand when and how the ICDPA applies to your organisation
Know the rights Iowa residents have over their personal data
Understand what makes Iowa different from other state privacy laws
Handle consumer requests correctly within the 90-day timeframe
Leverage the permanent cure period for compliance flexibility

Training recommendations

All employees who handle customer data should complete this training.
Annual refresher training is recommended to stay current with any regulatory changes.
Teams handling consumer requests may benefit from additional role-specific training.

This course is recommended for

Employees who handle customer data at organisations that conduct business in Iowa or target Iowa residents. This includes marketing, sales, customer service, HR, IT, and compliance teams.

Prerequisites

There are no prerequisites for this course. No legal or technical background is required.

What do I need for this course?

This course is 100% online and delivered through our online learning platform. Organisations can also access this content via their own LMS on request (SCORM format available).

Course content

Section 1: Understanding Iowa's Privacy Framework

In this section we introduce the Iowa Consumer Data Protection Act and explain its place in the US state privacy landscape. Iowa takes a streamlined approach with limited consumer rights compared to other states.

Lessons

Introduction to the ICDPA
Who the law applies to
Key definitions explained
Iowa residents and their rights

Section 2: Consumer Rights Under the ICDPA

Iowa provides consumers with a more limited set of rights compared to states like California or Colorado. This section covers what rights Iowa residents have and what your obligations are when handling requests.

Lessons

The right to know
The right to access
The right to delete
The right to opt out of sales and targeted advertising
No right to correct - understanding Iowa's approach
Handling consumer requests within 90 days

Section 3: Sensitive Data and Consent

Iowa requires opt-in consent before processing sensitive data. We explain what counts as sensitive data under Iowa law and how to handle consent requirements.

Lessons

What is sensitive data under ICDPA?
The opt-in consent requirement
Children's data protections
Practical consent workflows

Section 4: Operational Requirements

This section covers the operational requirements of the ICDPA including privacy notice requirements, security obligations, and working with processors.

Lessons

Data minimisation principles
Purpose limitation
Security requirements
Processor contracts and obligations
Privacy notice requirements

Section 5: What Makes Iowa Different

Iowa's approach differs from other state privacy laws in several key ways. This section covers the unique aspects including the permanent cure period and limited consumer rights.

Lessons

Higher response timeframes (90 days)
No data protection assessment requirement
No universal opt-out mechanism requirement
Limited consumer rights
Permanent 90-day cure period

Section 6: Enforcement and Compliance

Understand the enforcement landscape, the permanent 90-day cure period, and what penalties look like under Iowa law.

Lessons

Attorney General enforcement
The permanent 90-day cure period
Consumer complaints process
Penalties and remedies
No private right of action

Section 7: Assessment

Test your knowledge with scenario-based questions covering all the key ICDPA concepts from the course.

Lessons

Knowledge check (10 questions)

How it works

Step 1

Get notified

Sign up to be notified when this course launches. You'll be among the first to know and can start training your team immediately.

Step 2

Start learning

Each team member will have access to the learning materials and assessment. On completion of the course, team members will be issued with a certificate.

Step 3

Stay compliant

As the ICDPA evolves, we'll update the course. Trainees can review updated materials to stay current with any changes.

What's included

Training

Distraction-free online learning platform
Scenario-based end of course assessment

Updates

Access to all course material updates and enhancements for the length of your access period

Certification

Certificate on completion

Course FAQs

Will I get a certificate?

Yes, on completion of the course you will be issued with a digital certificate. It will be issued by our team shortly after completion of the course including the end of course assessment. You can add this to your LinkedIn profile.

Who should take this course?

This course is designed for employees who handle customer data at organisations that may be subject to Iowa's privacy law. This includes marketing, sales, customer service, HR, and IT teams.

How is the ICDPA different from other US state privacy laws?

The ICDPA takes a streamlined approach with limited consumer rights. Key differences include: no right to correct data, 90-day response timeframe (longer than most states), no data protection assessment requirement, no universal opt-out mechanism requirement, and a permanent 90-day cure period that never expires.

Does the ICDPA apply to my organisation?

The ICDPA applies to organisations that conduct business in Iowa or target Iowa residents, AND either: (a) control or process personal data of 100,000+ Iowa consumers, or (b) control or process data of 25,000+ Iowa consumers and derive more than 50% of gross revenue from selling personal data.

What are the penalties for non-compliance?

The Iowa Attorney General can impose civil penalties of up to $7,500 per violation. Importantly, Iowa provides a permanent 90-day cure period - if you fix the violation within 90 days of notice, no penalty applies. This cure period does not expire.

Is there a money back guarantee?

Yes, we offer a 14-day 100% money-back guarantee. If you are not satisfied with the course for any reason, simply contact us within 14 days of purchase for a full refund.

How long does the course take?

The course typically takes 30-35 minutes to complete. You can pause and resume at any time, and your progress is automatically saved.