What to expect from the SAFE DATA Act
10/30/2020
A new federal privacy law has been introduced in the U.S. Congress and is garnering a lot of excitement. A combination of three previously introduced bills, the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act aims to create a national standard that would preempt state privacy laws.
We’ve rounded up everything you need to know.
What is the SAFE DATA Act?
The SAFE DATA Act encompasses the U.S. Consumer Data Protection Act, the Filter Bubble Transparency Act, and the Deceptive Experiences To Online Users Reduction Act. This new all-in-one privacy law contains several additions relating to sensitive data and regulates the use of “deceptive measures” to obtain customer data.
The SAFE DATA Act grants substantive privacy rights over a number of areas including:
- The right to transparency
- The right to access
- The right to deletion
- The right to correction
- Portability
If passed, the law will be enforced by the Federal Trade Commission and take precedence over state privacy laws such as the CCPA. It is expected to pass through the 117th Congress in January 2021.
Key provisions of the SAFE DATA Act
The SAFE DATA Act follows in the footsteps of the GDPR and CCPA, which are considered two of the most stringent privacy laws to date.
Key provisions of the SAFE DATA Act include:
- Entities are required to obtain express consent before processing or transferring an individual’s sensitive data.
- Customers have the right to opt out of the collection, processing, or transfer of personal data.
- Customers have the right to access, correct, delete, or transfer their sensitive data and cannot be discriminated against for doing so.
- Entities must publish transparent privacy policies prior to collecting sensitive data. These policies must disclose the type of data being collected, the purpose for collection, whether and to whom data is to be transferred, data retention policies, and an outline of customer rights.
- Entities must minimize data collection, processing, and retention to what is reasonably necessary.
- Entities must maintain data security policies and practices to protect sensitive data.
- Entities must appoint a data privacy and security officer.
- Entities may not use deceptive or confusing methods to obtain consent for collecting customer data.
How to prepare
The first step any business should take when a new regulation is about to come into effect is to create a compliance checklist that covers the requirements of that specific law. A compliance officer would be knowledgeable in this process and be able to advise what steps to take and to conduct a risk assessment if necessary.
Adopting risk management best practices, such as implementing a tried-and-tested security risk framework, will help you roll out the processes and strategies necessary to ensure your business is ready and mobilized for compliance.
Part of maintaining a clean compliance record involves investing in data privacy software to protect sensitive data in your business, whether in your production environments or in databases within your business. GDPR-approved data protection methods such as data masking will help you control who can access sensitive data in your organization and prevent costly insider breaches.
At the end of the day, being compliant with data privacy laws such as the SAFE DATA Act is in your best interest. Not only are you taking the pre-emptive measures necessary to avoid data breaches and cyber threats, but you are also showing your customers that your business can be trusted with their sensitive data. With major data breaches still dominating headlines, the value of consumer trust is priceless.