Embracing consumer data privacy

Indiana recently became the seventh state to enact a comprehensive data privacy law. The General Assembly passed the legislation unanimously, and it has now been signed into law by the Governor.

It may come as a surprise that the CEO of a data capture company is involved in aggressively and ambitiously working to support data privacy laws. But for me it makes perfect sense, and it should for other companies, too.

For businesses across a variety of industries, it is already costly to comply with existing consumer privacy regulations advanced at the global, federal, state and industry levels. My company, for example, already complies with the EU’s General Data Protection Rule (GDPR), HIPAA and a handful of early state regulations that have taken effect, including California’s and Virginia’s data privacy laws.

I prefer to tweak our software using small screw drivers instead of big ones. Our company can make the big compliance changes one time, like with GDPR, and then comply with additional regulations by making small tweaks. At some point, the federal government will get smart and create one law, eliminating the need for individual states to act. But until that happens, it is in the best interest of impacted companies to encourage states to pass similar regulations that will result in the fewest amount of tweaks needed to comply.

That’s why I advocated for this data privacy law in Indiana. My company is a member of the Indiana Technology & Innovation Association (ITIA) which gave us a platform to engage in this legislation and work with other stakeholders to advance our shared goals for the law. The version of the law that passed is much more palatable than the version that was first introduced last year.

The final bill is modeled after Virginia’s law, which was written to protect the consumer while making it much easier for companies to comply. Indiana’s law includes giving consumers various rights over their personal data, such as the ability to confirm whether a company is processing their data, correct inaccuracies, have their personal data deleted, obtain a copy of their data, and opt out of data processing. The new law takes effect January 1, 2026, giving companies time to make needed adjustments to their software and operating procedures.

Because of stakeholder engagement, input and collaboration with the bill author Senator Liz Brown, the Legislature passed a consumer protection law that technology companies can help implement, gladly.

I was a member of the front line when the Do Not Call list was initiated and passed by the U.S. Congress – quickly, unanimously and enthusiastically. The measure that passed gave the Federal Trade Commission (FTC) the jurisdiction to manage and prosecute, and it blew through Congress faster than a pay raise.

Had you told me a bill that restricted a $60 billion industry was being signed on the South Lawn of the White House by a Republican President, I would have insisted on taking your temperature. That happened in 1991. It was hailed by some as sounding the death bell for the teleservices industry and even had a shot at a hearing in the Supreme Court.

But, interestingly enough, it ended up preempting many states to the point where instead of having 50 different sets of regulations, there are only 12 states that currently manage their own Do Not Call list. Hopefully that’s what ultimately happens with data privacy, and we can meaningfully protect consumers without stifling innovation and business.

Instead of sitting back and hoping, I will continue to stay fully engaged and do what I can, as the CEO of a data capture company, to get ahead of any regulations and do my part to protect consumers. I encourage others to join me.

Formed and organized in 1999, Mobius VP LLC is a business process design, management and performance improvement firm, which later became focused on data feedback, interpretation and analysis.