We’re excited to bring Transform 2022 back to life on July 19th and virtually July 20-28. Join AI and data leaders for sensible conversations and exciting networking opportunities. Register today!
When a bipartisan draft bill of the American Data Privacy and Protection Act (ADPPA) was released earlier this month, speculation was rife that the new data privacy requirements would affect enterprises in the U.S. and beyond.
One of the most significant changes is the need to reduce the collection, processing and transfer of “covered data” to “covered entities” – which are widely referred to in the bill as any entity subject to the FTC Act. ADPPA defines covered data as “identifying or linking to a person or information that can be reasonably linked or a device that identifies or links to one or more persons or information that can be reasonably linked, including derived data And unique identifiers. “
In practice, the data covered may be as simple as a government ID number or Social Security Numbers (SSN) in private communications, or any information pertaining to subjects under 17 years of age.
What does ADPPA mean for ventures?
Like the General Data Protection Regulation (GDPR), ADPPA will impose new data security requirements on enterprises, forcing them to implement policies to protect access to data covered by unauthorized persons.
Certified Information Systems Security Professional (CISSP) Victor Platt said, “The ADPPA, if enacted, is a big deal – both for individual privacy rights and for how the enterprise collaborates in the world’s largest digital ecosystem. Will represent the necessary action. ” )) And head of security and privacy at integrate.ai,
However, ADPPA can significantly increase data security responsibilities, as the definition of the data covered is broad, and there is a lot of data that could potentially link to a person or device.
As Plate explains, “it codifies the broad definition and consent of the covered data, the objective bar and the high bar for disliking, high-level vague privacy policies will no longer suffice and the things you think are personally identifiable information (PII) ) No. Today, like the unique ID, will be in the future. ”
In addition, Platt noted that the enterprise will be bound to demonstrate how they minimize the data they collect, how they protect it, and ensure the transfer of covered data to third-parties. Opt-out and subject to enhanced requirements.
How ADPPA can protect a person’s data
ADPPA will also give individuals new data privacy rights over their data.
For example, “the bill would give individuals across the United States broad rights to modify, delete, access and port personal data,” said Alex Eftimi, co-chair of Morrison Forrester, partner and firm at Global Risk and Crisis Management Group.
At the same time, it will give individuals the right to take civil action against violations.
“One of the controversial aspects of this bill is that it gives U.S. residents the private right to sue organizations covered for violations, which would allow private parties to enforce the provisions of the law through civil litigation,” Iftimi said.
More broadly, the Federal Trade Commission (FTC) will also be responsible for imposing penalties on non-compliant entities. Given how comprehensive the law is in the current draft, the FTC will have many opportunities to decide what is and what is not.
How can an enterprise prepare
While ADPPA is still just a bill, and would require a bilateral agreement to pass, it is important for the enterprise to consider what restrictions they will need to meet these potential data security obligations.
One of the new requirements is that the enterprise needs to know how much data to collect about individuals is proportional, and make sure they have a process to reduce its collection so that they can limit it to what is reasonably needed.
Similarly, organizations will need to be prepared to disable targeted ads, and offer more data protection support to ensure that children or minors have their data protected.
For now, the enterprise will have to wait and see and, as the FTM has pointed out, the decision may take some time, especially with most of the congressional holidays in August and midterm elections starting in the fall.
Venturebeat’s mission Digital Town Square is set to become a place for technical decision makers to gain knowledge about the changing enterprise technology and practices. Learn more about membership.