1. Data Security Requirements

An in-depth comparison between ADPPA (American Data Privacy and Protection Act) and the CALIFORNIA PRIVACY LAWS*
*CCPA (California Consumer Privacy Act) and CPRA (California Privacy Rights Act)

Result of comparison: Quite similar, except that ADPPA requires a specific figure to certify compliance with ADPPA.

| ADPPA | California privacy laws (CCPA/CPRA) |
| --- | --- |
| Covered entities are required to implement reasonable administrative, technical, and physical data security practices and procedures against unauthorized access and acquisition of covered data. | Businesses must implement reasonable security procedures and practices, according to the nature of the personal information, to protect it from unauthorized or illegal access, destruction, use, modification, or disclosure. |
| Large data holders must perform specific audits on data protection matters (at least every 2 years) in order to demonstrate compliance with all relevant privacy laws. Such reports must be kept available for the FTC upon request. | No specific provisions concerning a general assessment of privacy issues; the only provisions relate to cybersecurity aspects. |
| An executive must certify the compliance of the covered entity with the Act. | No specific provision on this issue. |