The American Data Dissemination Act (ADD) has been introduced by Senator Marco Rubio (R-Fla.) to target businesses collecting consumer data over the internet. The bill is considered a response to California’s Consumer Privacy Act (CCPA), which placed regulations on how companies collect and share personal data. As there is a lack of federal regulation when it comes to consumer data, the bill has been much anticipated.

While it does not include specific data privacy regulations, within two and a half years of the bill becoming a law federal privacy law would be established in the U.S. – determined by recommendations by the FTC. However, the FTC has been limited in their recommendations as the ADD requires that they be similar to the 1974 Privacy Act. Many are now arguing that the Act is too antiquated to address the privacy concerns today.

Limiting restrictions included in the ADD include:

  • Criteria for exempting certain small, newly formed businesses
  • Criteria for restricting the disclosure of records maintained by covered businesses
  • Criteria for granting individuals access in response to their requests of records and, if a covered business elects, the record may be deleted subject to certain requirements
  • Criteria for consumers to update incomplete and inaccurate records
  • Establishing a dispute resolution process modeled after section 611(a) of the Fair Credit Reporting Act (FCRA)
  • Establishing accepted standards for a code of practices to ensure the secure collection, maintenance, and dissemination of records for covered businesses
  • Establishing a process for accounting records of disclosures for a reasonable period.

Establishing Privacy Regulations

While many are calling for GDPR-like regulations, this level of stringency is unlikely as the ADD proposes a limited scope and provides exemptions for startups and other small businesses.  The FTC will ultimately determine the stringency of the law.

As for its effect on state legislature, the ADD states that its regulations will supersede all provisions of state law subject to the Act.

In the meantime, learn how Gryphon picks up where regulators leave off.

Q4 2022: DNC and TCPA Marketing Compliance Updates

As if uncertain economic conditions weren’t presenting enough of a challenge for organizations going into 2023, risk is also expanding in the form of constantly evolving Do-Not-Call (DNC) and TCPA…

The Comprehensive Marketing Compliance Checklist for 2023

When considering your business outlook for 2023, have you accounted for the laundry list of ever-changing marketing compliance regulations that your sales organization must follow to avoid costly fines and…

The Sales Leader’s Guide to Conversation Intelligence: How to Find the Right Solution for Your Sales Team

As organizations are growing their tech stacks to assist their remote and hybrid teams through the sales process, a conversation intelligence (CI) tool can offer insights into prospect and customer…