This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

INDIANAPOLIS – Indiana lawmakers are considering a bill that would give Hoosiers more control over how some companies use their data.

Senate Bill 358 unanimously passed the Senate and is now in the House for consideration.

“We may be the only fourth state in the country that’s done this,” said State Sen. Liz Brown (R-Fort Wayne), one of the bill’s authors.

Brown’s bill would allow Hoosiers to find out what data companies are keeping. Consumers could also ask companies to delete their data or not use it for purposes like targeted advertising.

“It also makes companies have to do a data protection assessment every year to make sure they actually are protecting our data,” Brown said.

The bill would apply to companies that conduct business in Indiana that control or process data of at least 100,000 people. It also applies to businesses that collect data for 25,000 people and make at least half of their gross revenue by selling personal information.

There are some exemptions, including financial institutions, facilities regulated by the U.S. Department of Health and Human Services and non-profit organizations. 

“A lot of businesses are involved in the personal data game today, and there’s big money in that game,” said attorney Ray Biederman, a founding partner at Mattingly Burke Cohen & Biederman.

The legislation would help consumers better understand what’s happening with their information, Biederman said.

Under the bill, enforcement would be left to the state attorney general, so Hoosiers themselves would not be able to sue companies who don’t comply, Biederman explained.

“On an aggregate basis, the attorney general can harness pretty severe powers to get compliance out of larger companies,” he said.

If Senate Bill 358 becomes law, it would take effect January 1, 2025.