Thursday, February 27, 2020

Proposed U.S. Data Protection Act Creates New Federal Data Protection Agency

If it passes, the new law takes aim at medium-to-large businesses. MSSPs should be prepared to assist with compliance.

U.S. laws on data privacy protections are a jumbled mess of chaos. Filling the void created by a lack of a single, principal federal law are hundreds of federal and state laws causing compliance and enforcement confusion through overlapping conflicting legislation and a plethora of untended gaps.

Sen. Kirsten Gillibrand (D-NY) is looking to change that through a new bill she introduced this month called the Data Protection Act. If passed, the new law would create a Data Protection Agency as a consumer data privacy watchdog.

“Senator Gillibrand’s Data Protection Act of 2020 has numerous hurdles to cross before enactment but it is a powerful step in the right direction that not only affirms the powerful value of data and our innate right to privacy but also acknowledges what everyone knows — the U.S. has lagged in data security and is woefully unprepared to protect privacy,” said Warren Poschman, senior solutions architect at comforte AG.

If the Data Protection Act becomes law, Sen Gillibrand says the newly created federal Data Protection Agency would be empowered to do the following:

  • Enforce privacy statues and rules pertaining to data privacy as authorized by the agency itself or by Congress.
  • Receive complaints, conduct investigations and inform the public on data protection matters.
    Comforte's Warren Poschman

    Comforte’s Warren Poschman

  • Promote data protection and privacy innovation across all sectors, “developing and providing resources such as Privacy Enhancing Technologies (PETs) that minimize or even eliminate the collection of personal data.”
  • Ensure equal access to privacy protection and protect against “pay-for-privacy” or “take-it-or-leave-it” provisions in terms of service (ToS) contracts.
  • Advise Congress on emerging privacy and technology issues, such as Deepfakes and encryption.
  • Represent the United States at international forums on data privacy issues and inform future treaty agreements regarding data use and protections.

However, the bill is not without flaws.

“What remains to be seen is the funding, implementation and overall effectiveness of such a huge undertaking at the federal level. Similarly to any IT implementation, without careful attention to architecture, there will be substantial post-implementation challenges to success which may come in the form of unfunded mandates to already-strapped state governments, the endless bureaucracy that stymies many federal programs and the courts already, or simply the inability to react and cause change quickly enough to make a difference,” Poschman said.

Even so, an umbrella federal agency overseeing the complexities of consumer data privacy protections is a good step toward making serious headway in the runaway “data gold rush” where abuses are bountiful and increasing daily.

“In today’s data-driven economy, there is perhaps no greater reason for action at the federal level than data privacy. Although the bill as it stands today would seemingly apply only to medium and large businesses (either more than $25 million in revenue or more than 50,000 records), the key takeaway is that the U.S. government cannot continue to hide behind the 10th Amendment by leaving data security and privacy to state and local governments,” Poschman said.

From https://mymarketlogic.com/blog/proposed-u-s-data-protection-act-creates-new-federal-data-protection-agency/

from
https://marketlogic0.wordpress.com/2020/02/27/proposed-u-s-data-protection-act-creates-new-federal-data-protection-agency/

From https://managedservicesmarketing.blogspot.com/2020/02/proposed-us-data-protection-act-creates.html



from
https://managedservicesmarketing.wordpress.com/2020/02/27/proposed-u-s-data-protection-act-creates-new-federal-data-protection-agency/

No comments:

Post a Comment