In late June, the Energy and Commerce Committee introduced the American Data Privacy and Protection Act (ADPPA) to the U.S. House, taking a huge step forward for congressional negotiations about data privacy. The bipartisan bill is the U.S. equivalent of the GDPR, the European law about data protection and privacy that serves as the gold standard for privacy compliance. While it is uncertain whether the bill will pass, the message to marketers is clear—national privacy regulations are on the horizon and now is the time to get ready.
What the ADPPA Means for Businesses
The ADPPA will regulate organizations that collect, process or transfer “covered data.” Covered data is information that identifies or is linked to an individual or a device and includes a user’s name, address, social security number and email address. Unlike existing U.S. privacy regulations, including the California Consumer Privacy Act, the ADPPA affects nonprofits and small businesses. If the act is approved, these organizations would be required to establish and maintain data-privacy practices that protect covered data against unauthorized access and acquisition. Companies will be required to make all privacy policies public and will not be allowed to deny a service or product based on an individual’s agreement to waive their privacy rights.
What the ADPPA Means for Consumers
For consumers, the ADDPA provides greater control over their data. Americans will have the right to access any personal data that is collected by ADPPA-covered entities. Consumers can also restrict certain uses of their data and even request that businesses delete personal data within 60 days.
What the ADPPA Means for Marketers
Privacy regulations aren’t new. While most organizations already have a basic understanding of what personal data is and how they track it with privacy in mind, the focus will now shift to a privacy-first operation. There is no question about it—complying with ADPPA will be a challenge.
To allow users to access and request deletion of their data, organizations need to know where their customers’ personal data is stored. New technology including cloud applications, customer relationship management (CRM) platforms and data lakes makes it hard to maintain up-to-date personal data records. In fact, customer data is typically scattered across multiple systems within an organization, making it nearly impossible to delete, especially if it has been shared with third parties. To become and stay compliant with ADPPA, marketers will need to adopt new technologies that can automate data deletion requests and protect consumers’ covered data.
Privacy-First Means Customer-Centric
If and when the ADPPA becomes a law, marketers should welcome the new guidelines that will eliminate compliance uncertainty and provide a standard approach to privacy policies. Additionally, marketers should see these regulations as an opportunity to demonstrate transparency and build trust with prospects and customers. When companies are open about how personal data is used and what privacy-protection processes are in place, they can create customer-centric messaging that educates target audiences, builds trust and boosts brand equity. To learn more about how you can create messaging that builds visibility and credibility, schedule a call with one of our experts.