The Docketly Blog

Docketly Legal Updates: July 2021

Jul 14, 2021 by Sam Pierce

Proposed Data Protection Act of 2021

Recently, a measure was re-introduced in the United States Senate by Senator Kirsten
Gillibrand (D—NY) which, if enacted, would create an agency akin to the Consumer Financial
Protection Bureau (“CFPB”) for the purpose of “regulatory oversight of data.” The renewed
legislation is entitled the Data Protection Act of 2021, and it would create a federal agency aimed
at protecting consumer privacy and data, and also ensuring data practices are fair to consumers.
The proposed federal agency tasked with accomplishing the goals of the proposed legislation
would be called the “Data Protection Agency” (“DPA”) and said agency would be an
independent federal agency.
Senator Gillibrand explained that the renewed legislation, if enacted, would: (a) provide
“provisions to protect against privacy harms and discrimination,” (b) provide oversight to the
“use of high-risk data practices,” and (c) “examine and propose remedies for the social, ethical,
and economic impacts of data collection.” Important to the debt collection industry, Gillibrand
further explained that the DPA would “have the authority and resources to effectively enforce
data protection rules created either by itself or Congress,” and further that the DPA would be
equipped with a large toolbox for enforcement purposes (including equitable and injunctive
relief, as well as civil penalties).
Gillibrand stated the DPA would develop data protection standards, “guidelines, and
policies for use by the private sector.” According to the Senator:
It’s crucial that we modernize the way we handle technology, which is why I first
introduced the Data Protection Act last year, in order to create an executive
agency whose sole job is to protect data and privacy . . . . The new and improved
DPA of 2021 takes on even bigger and bolder reforms, including provisions to . . .
penalize high-risk data practices, and establish a DPA Office of Civil Rights.
Notably, the U.S. is one of the only democracies that lacks a federal data protection program.
Assuming the Data Protection Act of 2021 becomes law, debt collectors will not only
have to worry about oversight and penalties from the CFPB, but will also be subject to oversight
from the DPA and potentially subject to civil penalties in the event of improper data
dissemination, data breach, and improper or lacking data protection measures, amongst other
things. According to the Chairman of the Senate Committee on Banking, Housing, and Urban
Affairs, the U.S. does “need stronger protections for people’s personal data . . . . [which] means
[the U.S. needs] a robust independent data protection agency like the CFPB, with the tools and
resources to protect people’s data and privacy.” Accordingly, debt collectors should monitor the
proposed legislation and be prepared to adhere to more strict compliance standards regarding
consumer data.

Sam Pierce