By Ted Cotterill – Indiana Chief Privacy Officer and Tracy Barnes – State of Indiana Chief Information Officer

When it comes to being a resource for cybersecurity and specifically, privacy and the responsible use of data, the State of Indiana’s strategy is to provide information that’s free, comes from trusted sources and knowledgeable experts, and most importantly, is accurate.

What’s more, the State’s cybersecurity resources are available to all Hoosiers, businesses, and local government – including our schools – on the Indiana Cyber Hub website. And that includes the newly launched PII Guidebook 2.0.

First developed in 2021 by a subcommittee of the Indiana Executive Council on Cybersecurity (IECC), whose membership is comprised of private and public sector leaders in privacy and cybersecurity, the PII Guidebook has been updated to reflect the rapidly changing regulatory landscape in the space. These updates are now being used by organizations and companies in Indiana to protect the personally identifiable information (PII) and data assets that they leverage as an important part of their day-to-day operations.

Intended as a free, “how to” resource, the release of this updated guidebook comes at a critical time when more than 52 percent of all data breach incidents in global organizations involved a customer’s PII, making it the most frequently breached type of data.

Beginning with the definition of the term PII, the guidebook includes a list of sources and definitions, along with a summary of the categories of PII that must be protected. Throughout the guide, there is a great deal of helpful information intended to provide greater context and understanding of privacy, as it can be difficult for small and midsized organizations to maintain that proficiency in-house.

The Subcommittee has also included a section that provides an overview of the “current state of PII,” which encompasses a selection of important privacy developments that have occurred during the last decade, including the adoption of a new article in the Indiana Code concerning consumer data protection that was enacted by the Indiana General Assembly in 2023 and takes effect on January 1, 2026. Looking ahead, there are also a number of “future developments” that are being considered that could impact how sensitive data and, for that matter, our personal information may be protected in the years to come.

In our roles as the State of Indiana’s Chief Privacy Officer and Chief Information Officer, respectively, we are pleased to help share the PII Guidebook 2.0 with all Hoosiers. Indiana is making great strides in cybersecurity, privacy, and responsible data. For more information about the state’s data strategy – including a newly-adopted policy involving artificial intelligence (AI) systems, be sure to visit the website of the Office of the Indiana Chief Data Officer, and for the latest information on all things privacy and cybersecurity, check out the Indiana Cyber Hub website and be sure to take a look at the all-new Indiana Privacy Toolkit.

Protecting someone’s personal information is not always easy, even if you have a lot of resources or the personnel to sort through the regulations and make sense of it all. It’s our hope that the PII Guidebook 2.0 and the Indiana Privacy Toolkit will help Indiana organizations do just that.