Everything Businesses Must Know About the American Data Privacy and Protection Act

American Data Privacy and Protection Act (ADPPA) is the US equivalent of the General Data Protection Regulation (GDPR) in Europe. The privacy law made its way into all 50 US states marking it a significant success.

Brands, particularly those that handle personal and sensitive data, should familiarize themselves with this set of requirements. As an IT compliance services provider, we have briefly explained what this law entails and how you can assure compliance.

For more details, you can consult with us here.

Data Protection Act of the US

ADPPA is a comprehensive framework that aims to unify privacy protection across the US. Remember that 5 US states already have their own data privacy regulations. In that vein, ADPPA seeks to harmonize US privacy laws with international privacy frameworks.

ADPPA provides a minimum baseline, whereas individual states can further maximize consumer privacy protection.

ADPPA: What Does it Cover?

The law governs that business entities, including non-profit organizations, may not transfer, collect or process data unless it’s limited to reasonable and proportionate use.

Essentially, ADPPA aims to focus on data minimization. Thus, it limits targeted advertising, including:

  • Misleading tricks to get customers to opt for targeted advertising
  • Targeted advertising to minors
  • Targeted advertisements based on sensitive data and other information that identifies a user’s online activities across 3rdparty online services

However, the law does allow a certain level of targeted ads, such as 1st party advertising. For instance, a brand can use your sales information after purchase to advertise other similar products – a “recommended for you” or “you may also like” section covers that sort of advertising.

That said, brands cannot advertise unrelated ads based on users’ phone and web browsing history. Data-collecting companies such as Facebook and Google cannot use trackers to create customer profiles and sell them to advertisers.

The law also enacts more transparency by requiring data collectors to explain the type and use of data collected and how long they will retain it.

Why Should You Concern Yourself with ADPPA?

ADPPA applies to every business and organization that processes, collects, and stores American consumer data. If your web audience is the US population, then this law will apply to your business.

Nonetheless, some small and medium-sized enterprises are exempted to some extent. The law also entitles consumers to the right to injunctive relief, compensatory damages and attorney fees.

An image of a fingerprint

If you want to comply with ADPPA and other industry regulations, reach out to SunRiver IT. We’re an IT security consulting and IT compliance services firm in Nashville. We help small and medium-sized businesses as well as those operating in the financial, construction and healthcare sector.

Get in touch with us today to become IT compliant!