Description

Introduced American Data Privacy and Protection Act including cybersecurity measures

On 21 June 2022, the American Data Privacy and Protection Act is introduced in the United States House of Representatives. The Bill contains rules regarding data security and protection. Specifically, it requires entities collecting, processing or transferring data to implement reasonable data security practices which protect covered data against unauthorised use and acquisition. Whether such practices are reasonable depends on a number of factors, such as the size and complexity of the covered entity, the nature of data collection, the sensitivity of data being collected, and the state of security technology. The Bill also sets up specific requirements for security practices, including vulnerability assessments, preventive and corrective action, evaluation, information retention and disposal, training, and designation of employees responsible for security practices. Furthermore, the Bill outlines specific requirements for “large data holders” regarding the assessment of privacy risks and reporting to the authorities. Finally, the Bill specifies that it will not preempt the federal and state laws that regulate the data breach notifications or the criminal or civil laws regarding cyberstalking or cyberbullying.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2022-06-03
under deliberation

On 3 June 2022, bipartisan members of the House Committee on Energy and Commerce and the Senate Com…

2022-06-21
under deliberation

On 21 June 2022, the American Data Privacy and Protection Act is introduced in the United States Ho…

2023-01-03
rejected

On 3 January 2023, the American Data Privacy and Protection Act was rejected after failing to pass …