Certified Banking Data Privacy Law and Regulation - Module 5.pptx
trevor501353
28 slides
Feb 26, 2025
Slide Content
Data Privacy Law and Regulation Certification
Dr. Kevin F. Streff, Founder and Managing Partner
Dr. Kevin Streff
- Testified to Congress several times on behalf of banking and cyber
- Author of Data Privacy textbook
- Conducted training and education for examiners
- Done cybersecurity work in almost all states in the U.S. banking system for over 20 years
- Published in both banking and academic magazines and journals
- Regular speaker at banking conferences
- Leading technology, cyber, and privacy educator at Dakota State University and the ASP Academy™
Dr. Streff is not an attorney and is not providing legal advice.
Agenda
Module 5: State data privacy laws
U.S. Privacy Laws
- American Data Privacy and Protection Act (ADPPA) of 2022. FAILED
- American Data Privacy Rights Act of 2024. FAILED
ADPPA of 2022
Covered Entities. The bill would apply to most entities, including nonprofits and common carriers. Some entities, such as those defined as large data holders that meet certain thresholds and service providers that use data on behalf of other entities (including covered entities, government entities, and other service providers), would face different or additional requirements.
ADPPA of 2022
Covered Data. The bill would apply to info that “identifies or is linked or reasonably linkable” to a person.
Duties of Loyalty. The bill would prohibit covered entities from collecting, using, or transferring covered data beyond what is reasonably necessary and proportionate to provide a service requested by the individual.
ADPPA of 2022
Transparency. The bill would require covered entities to disclose, among other things, the type of data they collect, what they use it for, how long they retain it, and whether they make the data accessible to the People’s Republic of China, Russia, Iran, or North Korea.
ADPPA of 2022
Consumer Control and Consent. The bill would give consumers various rights over covered data, including the right to access, correct, and delete their data held by a particular covered entity. It would further require covered entities to give consumers an opportunity to object before the entity transfers their data to a third party or targets advertising toward them.
ADPPA of 2022
Youth Protections. The bill would create additional data protections for individuals under age 17, including a prohibition on targeted advertising, and it would establish a Youth Privacy and Marketing Division at the Federal Trade Commission (FTC).
ADPPA of 2022
Third-Party Collecting Entities. The bill would create specific obligations for third-party collecting entities, which are entities whose main source of revenue comes from processing or transferring data that they do not directly collect from consumers (e.g., data brokers, systems developers, cloud providers, etc.).
ADPPA of 2022
Data Security. The bill would require a covered entity to adopt data security practices and procedures that are reasonable in light of the entity’s size and activities. It would authorize the FTC to issue regulations elaborating on these data security requirements.
ADPPA of 2022
Enforcement. The bill would be enforced by the FTC, under the agency’s existing enforcement authorities, and by state attorneys general and state privacy authorities in civil actions. The bill also would give the California Privacy Protection Agency authority to enforce the ADPPA in the “same manner it would otherwise enforce” California’s privacy law, the California Consumer Privacy Act.
ADPPA of 2022
Private right of action. The bill would create a delayed private right of action starting two years after the law’s enactment. Injured individuals, or classes of individuals, would be able to sue covered entities in federal court for damages, injunctions, litigation costs, and attorneys’ fees. Individuals would have to notify the FTC or their state attorney general before bringing suit.
ADPPA of 2022
Before bringing a suit for injunctive relief or a suit against a small- or medium-size business, individuals would be required to give the violator an opportunity to address the violation.
American Privacy Rights Act of 2024
American Privacy Rights Act of 2024
- Focused on data brokers and large/medium-sized businesses
- Not targeting Main Street businesses
- Have $40m in annual revenue
- Have lots of data/transactions
- Do significant data sharing/selling
- Preempts the state laws (with exceptions)
Texas Data Privacy and Security Act
Consumer Rights:
- Confirm that the data controller is processing their data.
- Access their personal data.
- Correct inaccuracies in their personal data.
- Delete their personal data.
- Obtain a copy of their data in a portable and readily usable format.
- Opt out of having their data processed for the purpose of targeted advertising, the sale of their data, or profiling that produces a legal or significant effect on the consumer.
- U.S. lacks a federal law
- Many states have enacted state privacy laws because it is good policy
- Patchwork is confusing until a federal law is passed
Dr. Kevin Streff
American Security and Privacy, LLC
Founder & Managing Partner
ASP Academy™
www.americansecurityandprivacy.com
[email protected]
605.270.4427
www.drstreff.com