I am not an expert bill reader but seems like this loophole is covered as there is another point that says :
"(ii) is not substantially owned, oper
ated, or controlled by a person, partner
ship, or corporation that does not meet the
6 requirements under clause"
Tbh thats still a better outcome than the status quo isn’t it: a single hack is now limited in damage, and multiple are required to do the equivalent of todays scenarios
What if everyone contracts out the data collection to a single party? Only giving the data a larger exposure.
I'm really glad this is coming to light and I hope it passes. It will be very interesting to see how companies try to avoid it, but at first glance, it seems well thought out.
"(ii) is not substantially owned, oper ated, or controlled by a person, partner ship, or corporation that does not meet the 6 requirements under clause"