Storing Sensitive Data Digitally

 

In today’s current digital landscape, storing data securely is more critical than ever before. Regardless of whether you’re managing client information, customer details, or other confidential data, implementing security measures is imperative to protect against data breaches and maintain trust.

While laws and regulations regarding digital data security are still being developed and implemented in most jurisdictions, we should take a look at some of the existing procedures both locally and nationally.

The Indiana Consumer Data Protection Act (INCDPA) was signed in 2023 and will go into effect in 2026 to provide ample time for compliance. The act applies to “controllers” who are the individuals who determine the purposes and methods of processing personal data, and “processors” who are those who handle data on behalf of the controllers.

The INCDPA applies to “personal data” which it defines as “information that is linked or reasonably linkable to an identified or identifiable individual.” One of the key provisions of the INCDPA is that it gives consumers the right to opt out of processing their personal data for sale of said data, targeted advertising, and profiling.

Even though the INCDPA doesn’t take effect until 2026, there are numerous other sources of existing protections for consumer data, including the following federal legislation:

• HIPAA (Health Insurance Portability and Accountability Act): Protects medical information.
• Gramm-Leach-Bliley Act: Safeguards consumers’ financial information.
• FERPA (Family Educational Rights and Privacy Act): Ensures privacy of student education records.
• FISMA (Federal Information Security Modernization Act): Requires federal agencies to implement information security programs.
• CLOUD Act (Clarifying Lawful Overseas Use of Data Act): Addresses cross-border data access and privacy issues.
• CISA (Cybersecurity Information Sharing Act): Promotes information sharing about cybersecurity threats between the private sector and government.

However, it is important to note that the United States lacks comprehensive and robust data privacy laws, which has led states to enact laws that provide varying levels of protection such as the INCDPA. Additionally, many of the existing laws such as HIPPA were enacted prior to the current digital age, and likely would need updates to address the more modern issues.

If you have any questions about data security and privacy policy and how it can be best utilized for you and your business, please contact McNeelyLaw LLP by calling (317) 825-5110.

 

This McNeelyLaw LLP publication should not be construed as legal advice or legal opinion of any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own lawyer on any specific legal questions you may have concerning your situation.