Indiana security and surveillance regulations: what businesses must know

Indiana is a one-party consent state for audio recording under Ind. Code 35-33.5 (Wiretap Act). Alarm system contractors are licensed by the Indiana Professional Licensing Agency under IC 25-10.5 and overseen by the Indiana Alarm and Security Systems Board. The Indiana Disclosure of Security Breach Act (Ind. Code 24-4.9) requires notice when personal information, including biometric data, is compromised. Indiana has no recreational cannabis program; CBD and hemp are regulated separately.

Camera-related state law

The governing audio statute is Ind. Code 35-33.5, the Indiana Wiretap Act. The Act prohibits interception of telephonic or telegraphic communications without the consent of a party to the communication, making it a felony in most circumstances. Because consent of one party is sufficient, Indiana is a one-party consent state for audio recording.

Video-only surveillance of common areas with posted notice is generally lawful. Ind. Code 35-46-8.5 makes voyeurism a criminal offense and reaches hidden cameras in places where privacy is reasonably expected (restrooms, dressing rooms, hotel guest rooms). Posted notice at the entrance is the industry standard for any commercial property.

Practical translation. Commercial IN camera installs default to video-only on the cameras and route audio capture through a separate documented intercom or call-recording workflow.

Alarm and security contractor licensing

Indiana licenses alarm system contractors at the state level. The Indiana Professional Licensing Agency (PLA), through the Indiana Alarm and Security Systems Board, administers the program under IC 25-10.5. Companies installing burglar, fire, or electronic security alarm systems for compensation must hold a current state license, and individual installers must meet the board's qualification rules.

For commercial buyers, the practical takeaway is that any vendor installing alarm or electronic security in Indiana should provide a current PLA license number on the proposal. Buyers can verify the license at in.gov/pla. Counties and cities (Indianapolis, Fort Wayne, Evansville, South Bend, Bloomington) often require local alarm permits on top of state licensure.

Biometric data and breach notification

Indiana has not enacted a comprehensive consumer privacy law on the model of CCPA or VCDPA as of early 2026. The Indiana Disclosure of Security Breach Act, Ind. Code 24-4.9, is the primary regulatory anchor for biometric records held by businesses. The Act requires notice to Indiana residents and the Indiana Attorney General following discovery of a breach affecting unencrypted personal information, which expressly includes biometric data used for unique identification.

For commercial security buyers, the practical reach is fingerprint and facial-recognition access control and any AI camera that builds a faceprint template. Operators document consent at enrollment, retain biometric templates only as long as the operational purpose requires, and apply reasonable physical and technical safeguards under the breach-act standard.

Privacy in the workplace

Indiana does not have a single workplace electronic-monitoring statute. Pure video surveillance of common work areas with posted notice is the routine pattern. Cameras in employee-only spaces with a reasonable expectation of privacy (restrooms, locker rooms, lactation rooms) are off-limits.

Most IN employers issue a single workplace surveillance notice in the employee handbook covering cameras, badge access, computer monitoring, and call recording. Audio capture is regulated by Ind. Code 35-33.5 (one-party consent). Manufacturing employers in the Indianapolis-Fort Wayne-Elkhart manufacturing corridor commonly add badge-tied access control to production zones and document the data-handling workflow alongside the surveillance notice.

Video retention requirements

Healthcare. HIPAA Security Rule (45 CFR Part 164) governs PHI-touching footage. Retention is typically 30 to 90 days at the facility.
Retail and hospitality. PCI-DSS Requirement 9 specifies camera coverage of the cardholder data environment with 90-day retention.
Federal contractors. NDAA Section 889 controls vendor selection. Retention is contractor-driven through the SSP.
Schools. FERPA reach for K-12 districts and higher education. Indiana Secured School Safety Grant projects follow grant-award terms.
Hemp and CBD. Indiana has no recreational cannabis program. Hemp operators follow USDA and Indiana State Department of Agriculture rules.

Default retention for IN commercial systems with no specific industry rule is 30 days. Operators in higher-risk industries set longer retention with explicit written retention policies.

What Tec-Tel does to comply with Indiana regulations

Video-only on cameras unless audio is documented with one-party consent under Ind. Code 35-33.5.
Posted surveillance notice at every public entrance.
No cameras in restrooms, locker rooms, dressing rooms, hotel guest rooms, or any space where privacy is reasonably expected.
Biometric capture documented at enrollment with a written retention and destruction schedule.
Retention configured to the regime that governs the industry (HIPAA, PCI, NDAA), with the facility's written retention policy attached.
NDAA Section 889-compliant vendor selection on federal-touching installs.
PLA-licensed alarm contractor work where the install scope triggers IC 25-10.5.

This is a buyer-facing reference, not legal advice. For a specific Indiana regulatory question, work with your privacy counsel.

Security service in Indiana

Tec-Tel deploys AI-era security across Indiana with one accountable project manager owning design, install, and service to one standard. The cities below have local service detail, deal sizing, and a free consultation. Don't see yours? We cover the whole state.

Or browse the full city directory and nationwide coverage map.

Frequent buyer questions

Is Indiana a one-party or two-party consent state for audio recording?

Indiana is a one-party consent state. Ind. Code 35-33.5 (the Indiana Wiretap Act) makes interception of telephonic or telegraphic communications a felony unless a party consents. A participant in the conversation can lawfully record. Ind. Code 35-46-8.5 also addresses unlawful surveillance with hidden cameras in places of privacy. Most IN commercial camera installs go video-only on the cameras to keep audio out of scope.

Does Indiana license alarm and security installers?

Yes. The Indiana Professional Licensing Agency (PLA) and the Indiana Alarm and Security Systems Board regulate alarm system contractors under IC 25-10.5. Companies installing burglar, fire, or electronic security alarm systems for compensation must hold a current state license, and individual installers performing covered work must meet the qualification rules. Buyers can verify a company's license at the PLA website (in.gov/pla).

What's the data breach notification rule in Indiana?

Ind. Code 24-4.9 requires data base owners to notify Indiana residents and the Indiana Attorney General without unreasonable delay following discovery of a breach affecting unencrypted personal information. Personal information under the statute includes name combined with Social Security number, driver's license number, financial account information, and biometric data. The IN AG publishes received breach notifications.

Do I have to give Indiana employees notice before monitoring them?

Indiana does not have a statute as specific as New York Civil Rights Law 52-c that requires written employee notice before electronic monitoring. The general rule is posted notice for common-area camera surveillance, no cameras in restrooms or other private spaces, and one-party consent on any audio capture under Ind. Code 35-33.5. Most IN employers issue a single workplace surveillance notice in the handbook covering cameras, badge access, computer monitoring, and call recording.

Does Indiana have a biometric privacy law like Illinois BIPA?

Not as a standalone BIPA-style statute with a private right of action. Coverage in Indiana runs through Ind. Code 24-4.9 (breach notification) for biometric records and through general consumer protection statutes enforced by the Indiana Attorney General. Indiana has not enacted comprehensive consumer privacy legislation similar to the VCDPA or CCPA as of early 2026. Operators using fingerprint or facial recognition document consent and retention as a defensive practice.

Are there special rules for cameras in Indiana schools?

Indiana public schools follow federal FERPA (20 U.S.C. 1232g) for identifiable student footage. Indiana also operates the Indiana Secured School Safety Grant program, which has funded camera, access control, and intercom upgrades at K-12 districts. Grant-funded projects must follow procurement standards including NDAA Section 889 where federal pass-through funding applies. Most Indiana districts publish a board-adopted camera policy with retention and access rules.

What's a reasonable video retention default for an Indiana commercial system?

Default retention for IN commercial systems with no specific industry rule is 30 days. PCI-DSS Requirement 9 sets 90-day retention for cardholder data environments at retail and hospitality. HIPAA Security Rule (45 CFR Part 164) governs PHI-touching footage at healthcare facilities, typically 30 to 90 days. NDAA Section 889 controls vendor selection on federal-touching installs. Operators in higher-risk industries set longer retention with explicit written retention policies.

Start with a free consultation.

Tell us what you're protecting and what's already in place. The Tec-Tel team reviews it and comes back with a written plan.

Tell us how many sites you run and what's already in place. We'll show you what a build or upgrade looks like.

Straight answers from the team that does the work. We're platform-agnostic, so you get the system that fits your sites, not one brand's catalog.

Since 2010 · 1,000+ deployments nationwide · ISN-accredited

Book a free consultation 855-577-0400

Indiana security and surveillance regulations: what businesses must know

Camera-related state law

Alarm and security contractor licensing

Biometric data and breach notification

Privacy in the workplace

Video retention requirements

What Tec-Tel does to comply with Indiana regulations

Security service in Indiana

Frequent buyer questions

NDAA Section 889

Illinois regulations

Ohio regulations

Michigan regulations

Kentucky regulations

Start with a free consultation.

How can we help?