This analysis describes what ADP's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The obligation to notify without undue delay limits ADP's ability to delay disclosure of breaches to the client, but a law enforcement or supervisory authority carve-out can suspend that obligation.
ADP deleted the cookie preference management tool that previously allowed users to understand and control which cookies were placed on their devices, including functional, analytics, and advertising cookies. The removal eliminates the transparency mechanism through which users could consent to or opt out of different cookie categories. The practical effect depends on whether ADP has replaced this functionality elsewhere or whether cookies continue to be placed without equivalent granular user control.
View change record →Clients can expect prompt notification of a data security breach, subject to a law enforcement or supervisory authority exception that may delay or prevent that notification.
How other platforms handle this
In the event that any information under our custody and control is compromised as a result of a breach of our security, we will take steps to investigate and remediate the situation and, in accordance with applicable laws and regulations, may notify...
If you would like to submit a legally binding request to demand someone else's Personal Data (for example, if you have a subpoena or court order), please review our Guidelines for Legal Requests.
Data Reporting
Monitoring
ADP has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"ADP shall notify the client of a data security breach without undue delay after becoming aware that such a breach has occurred, unless a law enforcement official or supervisory authority determines that notification would impede...— Excerpt from ADP's ADP Privacy Statement
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The obligation to notify without undue delay limits ADP's ability to delay disclosure of breaches to the client, but a law enforcement or supervisory authority carve-out can suspend that obligation.
Clients can expect prompt notification of a data security breach, subject to a law enforcement or supervisory authority exception that may delay or prevent that notification.
ConductAtlas has identified this type of provision across 275 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ADP.