The Industry’s Only SaaS-Delivered Enterprise DLP
Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.
No-Compromise Data Protection is:
- Cross Platform
- Flexible Controls
There’s been countless data privacy acts introduced over the years but the American Data Privacy and Protection Act, introduced Friday, is the first with bipartisan promise.
The proverb "If at first you don't succeed, try, try again" has been kicking around since the 1800s but it's also an apt summation of Congress’ attempts over the years to pass comprehensive federal data privacy legislation.
A bill introduced last week that has bipartisan support - a first for these type of bills - is giving hope for those seeking a national standard for what companies can and can't do with Americans' data.
A discussion draft of the data privacy bill, simply titled the American Data Privacy and Protection Act - touted as ADPPA in some circles - was introduced by U.S. Representatives Frank Pallone, Jr. (D-NJ), Cathy McMorris Rodgers (R-Wash.) and U.S. Senator Roger Wicker (R-Miss) on Friday.
As part of the legislation’s requirements, companies would have to limit the data they collect on consumers. While the details still need to be ironed out, under the act, organizations would only be able to collect data that's “reasonably necessary, proportionate, and limited” in relation to the products or services they offer.
Like other data privacy bills of late, it would also empower individuals by giving Americans the ability to access their own data, request that it be deleted or corrected, and to export that data.
Save for two states, California and Illinois, the bill would also preempt data privacy state laws already on the books, something that's proven to be a sticking point for both parties to agree on.
"State laws covered by the provisions of the Act are preempted, subject to a list of specified state laws to be preserved," reads the act's draft summary.
The list is lengthy but includes consumer protection laws, civil rights laws, and data breach notification laws to name a few. It also includes the Illinois Biometric and Genetic Information Privacy Acts and part of the California Consumer Privacy Act (Civil Code Section 1798.150) that says California residents whose non-encrypted or non-redacted personal information is breached can sue organizations for damages.
Like California’s landmark data privacy law, if it’s passed, the American Data Privacy and Protection Act would also grant a private right of action, giving people the power to sue companies for violations, something tech companies have long fought against.
If there’s any consolation here for them, it's that if passed, it won’t happen for a while.
In its current iteration, the bill will require four years to pass after the act takes effect for consumers (or groups of consumers) to bring a civil action seeking compensatory damages. Individuals will still need to notify the Federal Trade Commission - violations of the Act will be treated as violations of a rule defining an unfair or deceptive act or practice under the FTC Act -and their attorney general to do so.
It’s of course too early to know what the actual outcome of the bill and the effort behind it will be but the fact that there’s a bipartisan push behind it could mean it may see movement sooner than later.
Still, there will be hurdles. The private right of action will continue to be a thorn in the side of tech companies and some politicians, Sen. Brian Schatz (D-Hawaii) and Sen. Maria Cantwell (D-Wash.) in particular, seem less keen on the bill. That's in addition to the fact that it's an election year, something stereotypically can pose a challenge to laws getting passed.
While we're not exactly closer to seeing a comprehensive data privacy bill get passed, it certainly feels like more of a possibility than it did last week at this time.