This analysis describes what ADP's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Individual notification is conditional on a high-risk-of-harm determination, meaning individuals assessed as lower risk may not receive direct breach notification.
Interpretive note: The excerpt ends with condition (a), implying there may be additional conditions (b), (c), etc. that govern individual notification obligations but are not present in the quoted text. Only condition (a) is stated in the canonical claim.
ADP deleted the cookie preference management tool that previously allowed users to understand and control which cookies were placed on their devices, including functional, analytics, and advertising cookies. The removal eliminates the transparency mechanism through which users could consent to or opt out of different cookie categories. The practical effect depends on whether ADP has replaced this functionality elsewhere or whether cookies continue to be placed without equivalent granular user control.
View change record →If you are determined to be at a high risk of harm following a Data Security Breach, ADP must notify you within a reasonable period of time after making that determination.
How other platforms handle this
If you would like to submit a legally binding request to demand someone else's Personal Data (for example, if you have a subpoena or court order), please review our Guidelines for Legal Requests.
Data Reporting
You will include a date/time stamp adjacent to your display of pricing or availability information on your application if you obtain Product Advertising Content from Data Feeds, or if you call Creators API, PA API or refresh the Product Advertising Content...less frequently than hourly.
Monitoring
ADP has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"ADP shall notify Individuals of a Data Security Breach within a reasonable period of time following determination of such Data Security Breach if (a) the Individual is at a high risk of harm...— Excerpt from ADP's ADP Privacy Statement
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Individual notification is conditional on a high-risk-of-harm determination, meaning individuals assessed as lower risk may not receive direct breach notification.
If you are determined to be at a high risk of harm following a Data Security Breach, ADP must notify you within a reasonable period of time after making that determination.
ConductAtlas has identified this type of provision across 275 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ADP.