ICDPA · Effective 2025-01-01

Iowa Data Removal Guide (2026)

Iowa's Consumer Data Protection Act took effect January 2025. ICDPA is the weakest comprehensive state privacy law by consumer standards, it has a longer 90-day response window, no right to correct, and no profiling opt-out. Still, the core deletion right exists.

At a glance

Comprehensive state privacy law: Yes, ICDPA
Broker response deadline: 90 days from verifiable request
Enforcement: Iowa Attorney General. Consumer Protection Division
Residents: 3.2M (approx.)

Iowa Consumer Data Protection Act (ICDPA)

ICDPA applies to controllers processing data of 100,000+ Iowa consumers or 25,000+ while selling data. Consumer rights are limited to access, delete, port, and opt-out of sale and targeted ads. There is no right to correct and no profiling opt-out, making ICDPA more business-friendly than peer laws. Enforcement is exclusive to the AG with a 90-day cure period.

Read the full ICDPA explainer →Thresholds, penalties, cure period, private right of action, enforcement history.

What rights do Iowa residents have?

→Delete, access, port, opt-out of sale and targeted ads
→No right to correct (unusual gap)
→No profiling opt-out
→90-day response window (longer than peers)

Where does your data leak from in Iowa?

Data brokers don’t guess your address — they scrape specific public-record sources. The ones most relevant in Iowa:

Iowa Courts Online case search
Polk, Linn, Scott County assessor records
Iowa DOT driver records

Ready to remove

Opt out of 500+ brokers for $7

OfflistMe drafts a legally compliant deletion email citing ICDPA for every broker. You send from your own inbox. No account, no ID upload.

Start for $7 →

What if a broker ignores your request?

If a broker does not respond within 90 days, file a complaint with the Iowa Attorney General. Consumer Protection Division. The enforcement authority can assess civil penalties and compel compliance.

File a complaint with Iowa Attorney General. Consumer Protection Division ↗

FAQ: Iowa data removal

Why is Iowa's ICDPA weaker than other state laws?+

Drafted with significant industry input, ICDPA omits correction rights and profiling opt-out, extends the response window to 90 days, and applies a long cure period. It still provides the core deletion right, which is what most data-broker opt-out work relies on, but consumers have fewer remedies for denied requests.

Related resources

What is ICDPA?Plain-English breakdown of Iowa's law Free broker scanInstantly see which brokers have your info One-time data removalPay once, no subscription needed All 50 statesBrowse every state privacy guide US privacy laws matrixEvery state law side-by-side State privacy bills trackerLegislative activity April 2026 California DROP platformUniversal deletion launching Aug 2026 Privacy enforcement trackerCCPA, GDPR, BIPA fines Address Confidentiality Programs44 states + DC directory Full manual guideDIY deletion walkthrough 500+ broker directoryFind and opt out of every broker Start for $7Generate opt-out emails now

Other state guides

California Texas Florida Virginia Colorado Connecticut Oregon Utah New Jersey Minnesota Tennessee Maryland Delaware New Hampshire Indiana Montana Nebraska Kentucky Rhode Island New York