As reported in a June 3, 2022 press release from the House Committee on Energy and Commerce, U.S. Representatives Frank Pallone, Cathy McMorris Rodgers, and Senator Roger Wicker released a “discussion draft” of a federal data privacy bill entitled the “American Data Privacy and Protection Act” (the “Draft Bill”), which would impact the data privacy and cybersecurity practices of virtually every business and not-for-profit organization in the United States.
As further described below, the Draft Bill’s highlights include: (i) a comprehensive nationwide data privacy framework; (ii) preemption of state data privacy laws, with some exceptions; (iii) a private right of action after four (4) years, subject to the individual’s prior notice to the Federal Trade Commission (“FTC”) and applicable state attorney general before commencement of lawsuit; (iv) exemptions for covered entities that are in compliance with other federal privacy regimes such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and Gramm-Leach Bliley Act (“GLBA”) solely with respect to data covered by those statutes; (v) exclusions from Act’s requirements for certain “employee data”; and (vi) a requirement for implementation of reasonable administrative, technical and physical safeguards to protect covered data. The Draft Bill would be enforced by the FTC, and violations treated as unfair or deceptive trade practices under the Federal Trade Commission Act, as well as by state attorneys general.
Employers’ engagement and use of various types of vendors has expanded recently, to include vendors who assist with office re-entry screening and contact tracing as employees return to work during the COVID-19 pandemic. The service agreements that are negotiated and executed for this purpose should sufficiently address data privacy and security considerations related to employee personally identifiable information (PII). This is necessary for any service provider or vendor agreement. In the absence of a federal law governing data security and breach notification of ...
The recently proposed amendment to the California Consumer Privacy Act (CCPA) should be a wake up call to those employers who are not already actively planning for the January 1, 2020 compliance deadline.
The amendment reaffirms that employers must (i) provide employees with notice of the categories of personal information collected and the purposes for which the information shall be used at or before collection; and (ii) implement reasonable cybersecurity safeguards to protect certain employee personal information or risk employee lawsuits, including class actions seeking ...
Blog Editors
Recent Updates
- States Ring in the New Year with Proposed AI Legislation
- Video: PAGA in California, NLRB Authority, New Employment Laws in 2025 - Employment Law This Week
- New York’s Reproductive Health Handbook Notice Requirement Reinstated
- Video: Employment Law in 2025: A Look Ahead - Employment Law This Week
- Two New Laws Provide Employer Relief for ACA Reporting