Please note that the ADPPA has only passed its first subcommittee and is likely to undergo further amendment as it proceeds through the legislative process. This blog is based on the requirements set forth in the most current version of the ADPPA available at the time of posting.
- The categories of information that the business collects;
- The length of time that the business will keep each category of collected data or disclose the criteria it uses to determine when to delete that data;
- The names of any third parties to whom the business transfers data;
- The categories of data that the business transfers to third parties;
- The purpose of any such transfers to third parties; and
- A description of how a consumer may exercise her/his privacy rights.
While the ADPPA is just a bill, it nonetheless represents the strongest effort in years to codify a federal privacy law. With a truncated legislative calendar and some notable skepticism from certain senators, the bill has a long road ahead. Still, this framework–similar to the coming privacy laws in Colorado, Connecticut, and Virginia–is the most likely to command bipartisan agreement. Accordingly, businesses should take note and use the opportunity to take a fresh look at their consumer data collection, use, and sharing policies.
If you need assistance with updating your privacy policies, please email us at firstname.lastname@example.org or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice nor is it a substitute for seeking legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Photo by Lodewijk Hertog on Unsplash
Similar Blog Posts:
Legislature Finalizes Virginia Privacy Law for 2023 Debut
UCPA Compliance: Using CCPA Compliance Efforts to Prepare for the Utah Consumer Privacy Act