Could You Comply With New ADPPA Privacy Regulations?

The US federal privacy bill, the American Data Privacy and Protection Act (ADPPA), was approved by the House Energy and Commerce Committee in July 2022. However, the bill has come up against numerous roadblocks that are halting its progress. 

With the US on track for a record number of data breaches this year, there is increasing pressure on the current administration to ratify legislation that protects individuals’ privacy rights. 

Progress of the ADPPA 

Although the ADPPA hasn’t yet been presented to the House of Representatives, the House Energy and Commerce Committee has continued its work to bring the ADPPA into law. Its Subcommittee on Innovation, Data and Commerce has held multiple meetings to debate the new legislation and address the criticism it has received. 

It’s likely that the wording of the bill will be modified from the version that was approved in July 2022. 

Roadblocks to the ADPPA

Due to the lack of federal privacy legislation, many US states have established state-level laws. One of the main roadblocks to the ADPPA is the perceived contradiction between the proposed bill and state-level laws that are already in force. 

California in particular claims that there are gaps in the proposed legislation that its own law, the CPRA, address. Ten states including Virginia, Connecticut, Colorado, Utah and Texas have privacy laws in place. A further 16 states have legislation on the way, including Illinois, Massachusetts, Minnesota, New York and Pennsylvania. 

Despite these challenges, the new bill is expected to be reintroduced to Congress in the current session. If it passes, this will help to provide some much-needed consistency across the US for businesses and individuals alike. 

Preparing for the ADPPA

The ADPPA shares many similarities with other US state privacy laws and global data protection legislation. The bill “requires most companies to limit the collection, processing, and transfer of personal data to that which is reasonably necessary to provide a requested product or service.” Like similar legislation, the bill established consumer data protections and grants individuals’ rights over their data and places a responsibility on organizations to protect and secure data from unauthorized access.

Organizations already working toward compliance with laws including California’s CCPA/CPRA, and non-US privacy legislation such as the EU’s GDPR and Canada’s PIPEDA are already well on the way toward being able to comply with the ADPPA. 

For those looking to start their compliance journey, evidence-based data discovery delivers a comprehensive inventory of personal data across the organization. This process forms the foundation of privacy compliance with state, federal and cross-border legislation.