Proposed Data Protection Act of 2021
Recently, a measure was re-introduced in the United States Senate by Senator Kirsten Gillibrand (D—NY) which, if enacted, would create an agency akin to the Consumer Financial Protection Bureau (“CFPB”) for the purpose of “regulatory oversight of data.” The renewed legislation is entitled the Data Protection Act of 2021, and it would create a federal agency aimed at protecting consumer privacy and data, and also ensuring data practices are fair to consumers. The proposed federal agency tasked with accomplishing the goals of the proposed legislation would be called the “Data Protection Agency” (“DPA”) and said agency would be an independent federal agency.
Senator Gillibrand explained that the renewed legislation, if enacted, would: (a) provide “provisions to protect against privacy harms and discrimination,” (b) provide oversight to the “use of high-risk data practices,” and (c) “examine and propose remedies for the social, ethical, and economic impacts of data collection.” Important to the debt collection industry, Gillibrand further explained that the DPA would “have the authority and resources to effectively enforce data protection rules created either by itself or Congress,” and further that the DPA would be equipped with a large toolbox for enforcement purposes (including equitable and injunctive relief, as well as civil penalties).
Gillibrand stated the DPA would develop data protection standards, “guidelines, and policies for use by the private sector.” According to the Senator: It’s crucial that we modernize the way we handle technology, which is why I first introduced the Data Protection Act last year, in order to create an executive agency whose sole job is to protect data and privacy . . . . The new and improved DPA of 2021 takes on even bigger and bolder reforms, including provisions to . . . penalize high-risk data practices, and establish a DPA Office of Civil Rights. Notably, the U.S. is one of the only democracies that lacks a federal data protection program. Assuming the Data Protection Act of 2021 becomes law, debt collectors will not only have to worry about oversight and penalties from the CFPB, but will also be subject to oversight from the DPA and potentially subject to civil penalties in the event of improper data dissemination, data breach, and improper or lacking data protection measures, amongst other things. According to the Chairman of the Senate Committee on Banking, Housing, and Urban Affairs, the U.S. does “need stronger protections for people’s personal data . . . . [which] means [the U.S. needs] a robust independent data protection agency like the CFPB, with the tools and resources to protect people’s data and privacy.” Accordingly, debt collectors should monitor the proposed legislation and be prepared to adhere to more strict compliance standards regarding consumer data.