Congressional leaders introduce new legislation for a national data privacy framework

Author

Image of Maxx-Silvan.jpg

Maxx Silvan

Legislative Associate
Image of Seamus-Dowdall.jpg

Seamus Dowdall

Legislative Director, Telecommunications & Technology

Upcoming Events

Related News

County News

MFA drives a county’s cybersecurity victory

US Capitol side

Key Takeaways

On April 7, U.S. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-Wash.) and U.S. Senate Commerce, Science and Transportation Committee Chair Maria Cantwell (D-Wash.) introduced the American Privacy Rights Act. Unveiled as a discussion draft, this legislation seeks to set a national data privacy framework and define relevant rights and protections of Americans.

What would this legislation do?

If enacted in its current form, the American Privacy Rights Act would enumerate national data privacy rights and set data security standards. In doing so, the bill prohibits covered entities (i.e. for-profit organizations) from:

  • Collecting, processing, retaining or transferring more personal data than is proportionate and necessary to provide or maintain a product or service requested by the consumer
  • Transferring sensitive personal data (i.e. government-issued identifiers, personal health information, financial information, etc.) to a third party without the consent of the consumer

This legislation also requires entities to provide consumers with the ability to:

  • Access its personal data which the entity holds and the name of third parties to whom data has been transferred
  • Correct any inaccuracies or incomplete personal data that has been collected, processed or retained
  • Delete personal data that has been collected, processed or retained (and requires the entity to notify third parties of this action if data has been transferred)
  • Receive exported personal data which the entity collected, processed or retained

Consumers would also have the right to opt-out of targeted advertising that leverages personal data and algorithm-based decision making for housing, employment and health care. It also establishes civil right protections that prohibit entities from employing discriminatory data collection or use practices.

To enhance transparency, entities must publicly provide a privacy policy to its consumers laying out its data collection, processing, retention and transfer activities. In addition, a short-form notice of data practices (of no more than 500 words) must also be made available.

What does this mean for counties?

Generally, these provisions would not apply to county governments or entities that are acting as a service provider to the county. However, this legislation would apply to many entities that county governments regularly interact with, including third-party vendors that counties may interact with to provide services to residents.

 
NACo supports initiatives and systems to ensure that personal and county information is secure from illegitimate actors and hackers. Furthermore, NACo supports ensuring that third party providers conform to county privacy policies and practices that maximize the security of private information. NACo has not yet taken a position on the American Privacy Rights Act, and we encourage feedback from members interested to learn more about the legislation. 
 

Want to learn more?

NACo will continue to monitor developments around The American Privacy Rights Act. To learn more about the bill and ongoing discussions on federal data privacy policy, click here.

Related News

mfa
County News

MFA drives a county’s cybersecurity victory

U.S. Supreme Court
Advocacy

Courts ponder the constitutionality of the Universal Service Fund

The U.S. Fifth Circuit Court of Appeals ruled in Consumer’s Research v. FCC that the mechanism underlying the Federal Communications Commission’s Universal Service Fund is unconstitutional.

computers
County News

Secure our world by protecting county digital assets

Cybersecurity Awareness Month is a good occasion to note that protecting digital assets is a job for the entire county workforce, not just the IT department.