Sen. Wicker, Roger (R-MS) and Sen. Marsha Blackburn (R-TN)
The SAFE DATA Act would require “clear and conspicuous” privacy policies as well as give individual users rights of access, correction, deletion, and portability of data. Data brokers would be required to disclose third parties to whom the users’ data is transferred, as well obtain affirmative express consent for the transfer and processing of “sensitive covered data.” It sets data minimization requirements as well as specific obligations on service providers and third parties. Covered entities must conduct privacy impact assessments. It also extends civil rights protections to data collection or transfer and requires data brokers to register with the FTC. It requires covered entities to establish data security policies and practices and to establish a data privacy officer and a data security officer. Enforcement is given to the FTC and state attorneys general and sets up a safe harbor for approved certification programs.