The American Data Dissemination Act (ADD) has been introduced by Senator Marco Rubio (R-Fla.) to target businesses collecting consumer data over the internet. The bill is considered a response to California’s Consumer Privacy Act (CCPA), which placed regulations on how companies collect and share personal data. As there is a lack of federal regulation when it comes to consumer data, the bill has been much anticipated.

While it does not include specific data privacy regulations, within two and a half years of the bill becoming a law federal privacy law would be established in the U.S. – determined by recommendations by the FTC. However, the FTC has been limited in their recommendations as the ADD requires that they be similar to the 1974 Privacy Act. Many are now arguing that the Act is too antiquated to address the privacy concerns today.

Limiting restrictions included in the ADD include:

  • Criteria for exempting certain small, newly formed businesses
  • Criteria for restricting the disclosure of records maintained by covered businesses
  • Criteria for granting individuals access in response to their requests of records and, if a covered business elects, the record may be deleted subject to certain requirements
  • Criteria for consumers to update incomplete and inaccurate records
  • Establishing a dispute resolution process modeled after section 611(a) of the Fair Credit Reporting Act (FCRA)
  • Establishing accepted standards for a code of practices to ensure the secure collection, maintenance, and dissemination of records for covered businesses
  • Establishing a process for accounting records of disclosures for a reasonable period.

Establishing Privacy Regulations

While many are calling for GDPR-like regulations, this level of stringency is unlikely as the ADD proposes a limited scope and provides exemptions for startups and other small businesses.  The FTC will ultimately determine the stringency of the law.

As for its effect on state legislature, the ADD states that its regulations will supersede all provisions of state law subject to the Act.

In the meantime, learn how Gryphon picks up where regulators leave off.

How to Comply with the FCC’s Upcoming Consent Revocation Rule

Over the past year, significant legislative and regulatory compliance changes have reshaped how businesses handle consumer communications, especially around consent requirements. One of the most impactful updates is the Federal…

What is collections contact compliance for debt collection communications?

Collections contact compliance is critical to making sure your call centers and outbound telemarketers are adhering to the laws and regulations governing debt collection calls. Consumers have rights that must…

Introducing Powerful New Compliance Features for Gryph for Collections:
Boost Contact Rates, Debt Recovery, and Protection

We’re thrilled to announce new features for Gryph for Collections! This update enhances customization, expands contact points, and strengthens screening controls, providing debt collectors with advanced compliance protection.  What is…