Will ADPPA Become Privacy Law of the Land?

We follow trends and issues associated with data security and privacy closely. It is important to our customers and so it is important to us. Coviant Software has many customers for whom these things are central to their business operations. Whether it is a large healthcare network transferring files filled with sensitive data that must comply with the Health Insurance Portability and Accountability Act (HIPAA), retailers following standards established by the Payment Card Industry Digital Security Standard (PCI-DSS), financial services firms operating under the auspices of the Gramm-Leach-Bliley Act (GLBA), or any of the many other laws and regulations dictating how personal and sensitive information is to be secured, moved, and managed.

And so, we are watching as a new bill works its way through Congress. Known as the American Data Privacy and Protection Act (ADPPA), the bill was introduced in June by House members Frank Pallone, Jr. and Cathy McMorris Rogers. A version of the bill has already been passed by the Senate and sent back to the House where the Committee on Energy and Commerce recommended it be sent to the floor for a full vote.

Anyone who has paid attention to past efforts to pass federal privacy legislation has every right to be skeptical of ADPPA’s chances of adoption. Many privacy advocates have pushed for an omnibus federal privacy law for many years, only to watch efforts fail year after year. But, despite the many criticisms of ADPPA—both from within Congress and among privacy advocates—this time feels different, and the speed with which the bill is moving through Washington’s legislative machinery has filled the bill’s supporters with optimism.

We are not experts on privacy (nor on Capitol Hill skullduggery beyond what we learned by watching School House Rock), and so will refer you to others for the insider view on what is contained in the bill as currently constituted, and its strengths and weaknesses. The International Association of Privacy Professionals (IAPP) is a good resource to follow for that.

What we do know is that, should the bill pass and ADPPA become law of the land, there will be a number of issues requiring the attention of organizations needing to achieve compliance relative to the way applicable data is moved, stored, and managed. And that is were Coviant Software will be able to help. These include things like:

  • Securing data at rest and in motion – we do that with full PGP encryption and support for the SFTP secure transport protocol.
  • Documenting actions for compliance audits – by recording all activity within our Diplomat MFT platform, we provide the means to demonstrate compliance through documentation.
  • Automating processes related to security – Data encryption, file delivery confirmation, trouble notification, recipient authorization, and other essential processes are automated, minimizing the risk of non-compliance and data breach through human error.
  • Conducting due diligence when working with third-parties – data owners and stewards are required to ensure their partners in data management are themselves secure and compliant. We are transparent in our operations as a third-party, and our managed file transfer platform, Diplomat MFT, supports customers in their role as a trusted third-party partner.

We will continue to follow the progress of ADPPA and, whether or not the bill passes, we stand ready to support your organization in its effort to keep data safe and to achieve compliance with any and all applicable information security and data privacy laws, standards, and regulations. Check out Diplomat MFT for free as you consider your options for maintaining a solid compliance program.