{"id":173644,"date":"2023-01-29T21:58:54","date_gmt":"2023-01-30T04:58:54","guid":{"rendered":"https:\/\/inbusinessphx.com\/?p=173644"},"modified":"2023-01-29T21:58:54","modified_gmt":"2023-01-30T04:58:54","slug":"data-privacy-change-is-coming","status":"publish","type":"post","link":"https:\/\/staging.inbusinessphx.com\/?p=173644","title":{"rendered":"Data Privacy: Change Is Coming\u00a0"},"content":{"rendered":"<p><span class=\"Apple-converted-space\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-large wp-image-173645\" src=\"http:\/\/inbusinessphx.com\/wp-content\/uploads\/2023\/01\/Data-Privacy-1024x597.jpg\" alt=\"\" width=\"610\" height=\"356\" \/><\/span>Introduced to Congress in June, the American Data Privacy and Protection Act advanced toward a floor vote in the House of Representatives in July. If passed, it will be the first comprehensive federal data privacy law in the U.S. \u2014 our equivalent to the European Union\u2019s General Data Protection Regulation.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<p>The proposed legislation was considered the biggest breakthrough to date for efforts to pass a long-overdue federal data privacy law. However, some California officials have pushed back on the bill recently, taking issue with the provision that preempts state law. They want a carve-out for California\u2019s consumer data privacy law, which they claim is stronger than the ADPPA.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<p>At this point, the future of the ADPPA is unknown and many businesses, especially those with a national footprint, are left trying to sort through and comply with a patchwork of federal and state privacy laws.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<h3><b>What Would Change<\/b><\/h3>\n<p>Up until recently, many U.S. companies have not been regulated in terms of their collection, maintenance, use and disclosure of consumer data. As of now, five states have passed comprehensive consumer data privacy laws (California, Colorado, Connecticut, Utah and Virginia), but each law is unique in its scope. The ADPPA \u2014 if passed \u2014 would set a national baseline for consumer data privacy practices and bring U.S. requirements closer in line with other international privacy laws.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<p>Most significantly, the ADPPA focuses on data minimization and only allows companies covered by the Act to collect, process or transfer individually identifiable data to \u201cwhat is reasonably necessary and proportionate\u201d to provide a product or service requested by an individual or for other purposes that are enumerated in the bill.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<p>Generally, the current state laws do not limit what companies can collect and maintain; rather, they require companies to notify individuals of what information they collect and for what purposes they use it, and to use the information as reasonably necessary and proportionate for the operational purpose for which it was collected or processed. The ADPPA also:<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<ul>\n<li>Sets baseline standards for transparency, accountability, security and consumer privacy rights;<\/li>\n<li>Specially protects sensitive personal data, including limiting the use of sensitive personal data to what is \u201cstrictly necessary\u201d to provide requested goods and services for such purposes and get consent to share the data with third parties; and<span class=\"Apple-converted-space\">\u00a0<\/span><\/li>\n<li>Uses federal civil rights protections to guard against discrimination in the processing of personal information.<span class=\"Apple-converted-space\">\u00a0<\/span><\/li>\n<\/ul>\n<h3><b>Who and What Is Affected<\/b><\/h3>\n<p>The current draft of the ADPPA applies more broadly than any existing state laws. The ADPPA applies to a \u201ccovered entity,\u201d which means a company that meets certain revenue and data thresholds and collects, processes or transfers \u201ccovered data,\u201d which generally means individually identifiable information.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<p>At this time, \u201ccovered data\u201d does not include:<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<ul>\n<li>Deidentified data (does not contain individual identifiers),<\/li>\n<li>Employee data (defined broadly to include hiring data), and<span class=\"Apple-converted-space\">\u00a0<\/span><\/li>\n<li>Publicly available information.<span class=\"Apple-converted-space\">\u00a0<\/span><\/li>\n<\/ul>\n<p>Even if a company does not meet the definition of a \u201ccovered entity\u201d under the ADPPA, it could meet the definition of a \u201cservice provider\u201d if it processes \u201ccovered data\u201d on behalf of a \u201ccovered entity.\u201d However, there are a number of exceptions under the current draft of the ADPPA, including a small data exception, exceptions for certain financial institutions\/financial data and exceptions for certain healthcare organizations\/healthcare data. If the ADPPA is passed, applicability will be a threshold question for companies.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<h3><b>How to Prepare<\/b><\/h3>\n<p>Although the future of the ADPPA may be unknown, data privacy should remain at the forefront for any organization that is collecting, using, maintaining, processing or disclosing consumer data. It is prudent for companies to understand and actually map out their current data practices, e.g., especially if they are collecting or tracking consumer data or use it through websites and mobile applications. Some version of the ADPPA may gain more traction in the coming months and more states will likely pass consumer data privacy laws in 2023.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<p>Now is a good time for companies to implement or assess privacy-by-design;, follow certain privacy rules as a matter of best practice; put a team in place to monitor this rapidly changing landscape and assure compliance with any applicable laws; and to identify, assess and mitigate privacy risks.<span class=\"Apple-converted-space\">\u00a0 \u00a0<\/span><\/p>\n<p><em><img decoding=\"async\" class=\"alignleft size-thumbnail wp-image-173646\" src=\"http:\/\/inbusinessphx.com\/wp-content\/uploads\/2023\/01\/Erin-Dunlap-150x150.jpg\" alt=\"\" width=\"150\" height=\"150\" \/>An attorney at Phoenix law firm <a href=\"http:\/\/cblawyers.com\" target=\"_blank\" rel=\"noopener\">Coppersmith Brockelman<\/a>, Erin Dunlap regularly advises clients working in the healthcare industry on a variety of data privacy and security-related issues, offering practical advice and recommendations for compliance.<\/em><\/p>\n<p><strong>Did You Know:<\/strong> According to Learning Experience Alliance, nearly 70% of Americans will walk away from a company that requires them to provide highly personal information, including phone numbers and email addresses, to conduct business with them. Additionally, PwC reports 60% of Americans blame the company instead of the hackers when a data breach occurs.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduced to Congress in June, the American Data Privacy and Protection Act advanced toward a floor vote in the House of Representatives in July. If passed, it will be the first comprehensive federal data privacy law in the U.S. \u2014 our equivalent to the European Union\u2019s General Data Protection Regulation.\u00a0 The proposed legislation was considered [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":173645,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[14],"tags":[],"class_list":["post-173644","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-legal-regulations"],"_links":{"self":[{"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/posts\/173644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=173644"}],"version-history":[{"count":0,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/posts\/173644\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=173644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=173644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=173644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}