An in-depth comparison between ADPPA (American Data Privacy and Protection Act) and the CALIFORNIA PRIVACY LAWS*
*CCPA (California Consumer Privacy Act) and CPRA (California Privacy Rights Act)
| Result of comparison |
ADPPA |
California Privacy laws CCPA/CPRA |
| Quite similar (except for the fact that ADPPA requires the presence of a specific figure for certifying the compliance with ADPPA). |
- Covered entities are required to implement reasonable administrative, technical, and physical data security practices and procedures against unauthorized access and acquisition of covered data.
- Large data holders must perform specific audits on data protection matters (at least every 2 years) in order to demonstrate the compliance with alle relevant privacy laws. Such reports must be kept available for the FTC upon request.
- An executive must certify the compliance of the covered entity with the Act.
|
- Businesses must implement reasonable security procedures and practices according to the nature of the personal information to protect from unauthorized or illegal access, destruction, use, modification, or disclosure.
- No specific provisions concerning general assessment on privacy issues but only related to cybersecurity aspects
- No specific provision on such issue.
|
