Privacy and data security professionals have been closely monitoring the ongoing battle regarding a new proposed federal law, the American Data Privacy and Protection Act ( ADPPA), which in July made it out of committee with surprising bipartisan support, and which could change the privacy landscape throughout the country, preempting multiple state laws and setting a uniform standard for privacy and data security compliance. But while the ADPPA has been re-negotiated and revised over and over again, the Federal Trade Commission (FTC) has been brewing up its own set of privacy and security rules. On August 11, 2022, the FTC issued an Advance Notice of Proposed Rulemaking (ANPRM), which asks for public comment on 95 questions on a variety of privacy and data security topics, touching almost every industry in the nation. Comments are due within 60 days of publication of the ANPRM in the Federal Register, and a virtual forum will be held on September 8, allowing members of the public to speak for two minutes.
Some commentators have speculated that the FTC’s ANPRM is a reaction to the ADPPA losing some steam in Congress – the FTC might be attempting to pressure lawmakers to find a workable solution and pass a federal law before the midterm elections, which will likely cause additional setbacks in legislation. If the FTC is planning on pushing forward its new rulemaking at the same time as Congress is finalizing – and hopefully passing – the ADPPA, the potential conflicts could be significant, and cause headaches to businesses spanning multiple industries and business models.
Rulemaking of this type can be a lengthy procedure, often taking five years or more. It is possible that the FTC is indeed signaling that, should Congress fail to pass an umbrella federal statute governing privacy and data security, it will fill that federal void on its own. Either way, the message is clear: legislative changes are forthcoming in the near future, and it is the responsibility of every potentially-affected business to stay up to date on the newest requirements.
- EU-U.S. Data Privacy Framework Advances to the Next Stage
- Changes to GLBA Safeguards Rule Affect More Than Traditional Financial Institutions
- Ransomware and Phishing Dangers On the Rise
- FTC to Embark on New Privacy Rulemaking
- Hackers are Leveraging Fear during the COVID-19 Pandemic
- No Trespassing: Can Public Websites Ever Be Off Limits?
- Cybersecurity – Global Ransomware Attack is Top of Mind with U.S. Securities Regulator
- Cybersecurity - a Top Operational Risk in FINRA’s 2017 Regulatory and Examination Priorities Letter
- Following Intense Industry Criticism, New York Overhauls Cybersecurity Requirements for Financial Services Companies
- FINRA Imposes Fines Against 12 Firms for Cybersecurity Violations