Effective 1-1-2026. Sec. 2. (a) The attorney general may request, pursuant to a civil investigative demand, that a controller disclose any data protection impact assessment that is relevant to an investigation conducted by the attorney general. Upon receipt of such a request, the controller shall make the data protection impact assessment available to the attorney general. Subject to subsection (b), the attorney general may evaluate the data protection impact assessment for a controller's compliance with the responsibilities set forth in IC 24-15-4 . (b) Data protection impact assessments are confidential and exempt from public inspection and copying under IC 5-14-3-4 . The disclosure of a data protection impact assessment pursuant to a request from the attorney general does not constitute a waiver of attorney-client privilege or work product protection with respect to the assessment and any information contained in the assessment. IC 24-15-7 Chapter 7. Processing De-identified Data or Pseudonymous Data; Exemptions 24-15-7-1 Duties of controller possessing de-identified data 24-15-7-2 Pseudonymous data; technical and organizational controls 24-15-7-3 Controller's disclosure of de-identified or pseudonymous data; compliance with contractual commitments Effective 1-1-2026.
‹ Prev All Indiana sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.