Data privacy was a major topic of conversation in 2022, with businesses, individuals and government officials debating how to best keep data confidential and secure. A significant piece of that discussion was the American Data Privacy and Protection Act (ADPPA), introduced by the United States Congress in June 2022.
What is the ADPPA?
The ADPPA seeks to create national standards for data practices by companies, focusing specifically on the collection of personal information. The act would cover a range of areas including child privacy, data breach/security, healthcare and internet privacy, data minimization, transparency standards and anti-discrimination rules, as well as increase oversight for data brokers, and enact new cybersecurity requirements.
Who and What Does the ADPPA Apply to?
The bill applies to most entities, including non-profits and common carriers, deemed “covered entities.” Additionally, those defined as “large data holders,” who collect, process or transfer data over certain thresholds, and “service providers,” which use data on behalf of other entities, would face different or additional requirements. The bill specifically applies to “covered data,” or information that identifies, links or can be reasonably linked to an individual.
If passed, the ADPPA would function similarly to the EU GDPR, implemented in 2016, with three main objectives:
- Establishing a national standard for data protection and enforcement mechanisms,
- Restricting data collection beyond what is necessary and providing consumers with an opt-out before their data is transferred to a third party, and
- Protecting consumers’ personal information and data, and granting consumers rights over their data.
With the emergence of new ways to pay, like digital wallets, and the continued popularity of online payments, a payment security plan is more important than ever. The scope of the ADPPA is inclusive of consumer payment data because it is inextricably linked to personal identity. If passed into law, the ADPPA will be the closest the U.S. has come to establishing comprehensive privacy laws and is indicative of a larger shift toward data privacy standards that companies must be prepared to maintain.
How Businesses Can Prepare for the ADPPA
Data privacy is becoming as important to consumers as product price and quality. Building trust with consumers may hinge on a company’s ability to be transparent about its data practices. While new data privacy regulations present a risk of non-compliance, there is also an opportunity for companies to differentiate themselves and establish themselves as leaders in data privacy and security.
Regardless of where the ADPPA stands, business leaders should treat data privacy regulation as inevitable. It may seem daunting, but there are several steps you can take to get ahead of the curve and ensure you’re in compliance when data privacy protections become laws.
Proactive Steps to Ensure Compliance with Data Privacy Legislation
- Understand your own data practices. The ADPPA will restrict data collection unless it is necessary for one of 17 outlined reasons, require companies to disclose their data practices, and give consumers rights over their data. To adequately prepare, it’s important you know how your company collects, stores and uses consumer data.
- Shore up your data defenses. Data security is top of mind for legislators as they look to pass the ADPPA. Taking the time now to ensure personal data is properly secured will give your business an advantage when new regulations come to fruition.
- Adopt a PCI compliance solution. The road to regulatory compliance and robust data security seems complicated, but becoming PCI compliant is a good place to start. PCI DSS (Payment Card Industry Data Security Standard) is a global standard for controls around cardholder data to reduce credit card fraud. While PCI DSS is focused on protections for card payment information, being PCI compliant can give companies a critical data protection framework that will help prepare them for privacy legislation that may be incoming this year.
Compliance with new data privacy legislation should be a top priority for business leaders. With state-specific laws and new nationwide policies, it’s important to have a strong foundation that can take the pressure off when facing new regulations. Getting ahead now with existing data protection solutions, like PCI Pal, will set you up for success when these new data protections are officially implemented.