New Data Protection Agency to Address Growing Privacy Crisis in the United States

Last week US Senator Kirsten Gillibrand (D-NY) published a bill which, if passed, would create a US federal data protection agency designed to protect the privacy of Americans and with the authority to enforce data practices across the country. The bill, which Gillibrand calls the Data Protection Act, will address a “growing data privacy crisis” in the US, the senator said. This marks a significant step forward for the United States. Not only will the new Act create new data protection rules, but it will also establish an independent federal agency to regulate and enforce those rules. 

This new data protection agency will have specialist knowledge in technology, data protection, civil rights, law and business and will have the power to impose civil penalties for data breaches across the public and private sectors. The US is one of only a few countries without a data protection law (along with Venezuela, Libya, Sudan and Syria). Gillibrand said the US is “vastly behind” other countries on data protection.

In a Medium post Gillibrand wrote Americans “deserve to be in control of their own data.” Gillibrand’s bill lands just a month after California’s consumer privacy law took effect, more than a year after it was signed into law. The law extended much of Europe’s revised privacy laws (GDPR), to the state.

So, what does this new bill mean for schools?

Having guided schools worldwide through a similar journey with the introduction of the EU General Data Protection Act, there are a number of things that schools should start doing now to prepare for the changes that the new Data Protection Act may bring.

  1. Understand what data you are processing, consider what you are collecting, why you are collecting it, how long you need to keep it for and what measures you have in place to protect it.
  2. Raise awareness within your school community about the new Act and consider what working practices might need to change in order to create a culture of data protection. 
  3. Start to make enquiries with your school’s third party suppliers about how they protect the personal data the school shares with them. Prioritise those that carry the most risk with personal data so that these can be considered when the new law is introduced.
  4. Start to identify any roles within your school leadership team that might have scope to take on board additional functions to manage data protection compliance across your school.
  5. Make your friends before you need them! Now is a good time to start building a community of trusted advisers. Make time at industry conferences to talk to consultants such as 9ine so that you can find the right solutions for your school’s specific challenges well ahead of time.

About the Author: 

Illustrations of faces-09Heidi-Anne O’Neill is 9ine’s in-house Data Protection Solicitor. She has been qualified for fourteen years and has spent the last eight years advising in the area of information law. As a result of many years spent in local government, she holds both a Data Protection Practitioner and a Freedom of Information Practitioner Certificate. She is pleased to be part of the team at 9ine and looks forward to assisting clients on their journey towards data privacy compliance.

Talk to us call to action



Let’s Stay in Touch

Subscribe to our newsletter to receive product announcements & other updates.