What does the newest U.S. privacy bill mean for cybersecurity?

On Tuesday, June 14, the U.S. House Committee on Energy and Commerce held a hearing on the American Data Privacy and Protection Act discussion draft — a leading contender for a comprehensive federal privacy framework. The famed sticking points of individual redress mechanisms, preemption of state laws and the role of the U.S. Federal Trade Commission — the law’s likely federal enforcer — were among the many aspects debated. However, the cybersecurity provisions and data security requirements needed for a bill that not only guarantees a right to privacy but also creates a safer place for all Americans were not discussed extensively.


While these issues were not discussed at length, the bill addresses how to handle data security and cybersecurity directly and indirectly. 


Laying a security foundation 


Data privacy cannot exist without a robust cybersecurity foundation. This draft would be the first comprehensive federal bill to require data security and the protection of covered data for most entities, including data security policies and reasonable administrative, technical, and physical practices and procedures with at least six specific requirements. The FTC would be responsible for providing compliance guidance, which must consider the entity size, sensitivity of data and the cost of tools because not all entities are the same. The bill would also establish corporate accountability for lost or stolen data with specific obligations for large data holders. 


Increasing competitiveness and international security 


The bill improves cybersecurity through stronger and more secure ties to our international ..
