United States of America: Announced American Data Privacy and Protection Act discussion draft including cybersecurity measures

Description

Announced American Data Privacy and Protection Act discussion draft including cybersecurity measures

On 3 June 2022, bipartisan members of the House Committee on Energy and Commerce and the Senate Committee on Commerce, Science, and Transportation released a discussion draft of the American Data Privacy and Protection Act, a data privacy and security framework with bipartisan legislative support. The draft contains rules regarding data security and protection. Specifically, it requires entities collecting, processing or transferring data to implement reasonable data security practices which protect covered data against unauthorised use and acquisition. Whether such practices are reasonable depends on a number of factors, such as the size and complexity of the covered entity, the nature of data collection, the sensitivity of data being collected, and the state of security technology. The draft also sets up specific requirements for security practices, including vulnerability assessments, preventive and corrective action, evaluation, information retention and disposal, training, and designation of employees responsible for security practices. Furthermore, the draft outlines specific requirements for “large data holders” regarding the assessment of privacy risks and reporting to the authorities. Finally, the draft law specifies that it will not preempt the federal and state laws that regulate the data breach notifications or the criminal or civil laws regarding cyberstalking or cyberbullying.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2022-06-03
under deliberation

On 3 June 2022, bipartisan members of the House Committee on Energy and Commerce and the Senate Com…

2022-06-21
under deliberation

On 21 June 2022, the American Data Privacy and Protection Act is introduced in the United States Ho…

2023-01-03
rejected

On 3 January 2023, the American Data Privacy and Protection Act was rejected after failing to pass …

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
3rd party
1
Type Private organisation
Economic activity cross-cutting
Category All
producer / supplier
2
Type Private organisation
Economic activity cross-cutting
Category All
3
Type Private organisation
Economic activity cross-cutting
Category All
4
Type Private organisation
Economic activity cross-cutting
Category All
5
Type Private organisation
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
personal data (all forms): storage (any form)
personal data (all forms): data processing
personal data (all forms): sale
personal data (all forms): transfer (any destination)

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): data collection

personal data (all forms): storage (any form)

personal data (all forms): data processing

personal data (all forms): sale

personal data (all forms): transfer (any destination)