On 21 June 2022, the American Data Privacy and Protection Act is introduced in the United States House of Representatives. The Bill contains rules regarding data security and protection. Specifically, it requires entities collecting, processing or transferring data to implement reasonable data security practices which protect covered data against unauthorised use and acquisition. Whether such practices are reasonable depends on a number of factors, such as the size and complexity of the covered entity, the nature of data collection, the sensitivity of data being collected, and the state of security technology. The Bill also sets up specific requirements for security practices, including vulnerability assessments, preventive and corrective action, evaluation, information retention and disposal, training, and designation of employees responsible for security practices. Furthermore, the Bill outlines specific requirements for “large data holders” regarding the assessment of privacy risks and reporting to the authorities. Finally, the Bill specifies that it will not preempt the federal and state laws that regulate the data breach notifications or the criminal or civil laws regarding cyberstalking or cyberbullying.
Original source