Twenty-two states have enacted their own privacy laws, but there remains no uniform federal law to safeguard consumers’ personal data nationwide. A federal privacy law would bring consistency to existing protections, create broad and long-lasting privacy safeguards for consumers, and advance US leadership.

Twenty-two states have enacted comprehensive consumer privacy laws that create new rights for consumers, impose obligations on businesses that handle consumers’ personal data, and create new mechanisms to enforce those laws. Twenty-one of those states adopt the same basic structural model to protect consumer privacy. Some of those states have added greater substantive protections to that basic structural model while other states have adapted the same model to create narrower substantive protections, as reflected in the chart below. In contrast, California adopted a legislative model that creates a new state privacy agency charged with issuing regulations on more than 20 topics, including on issues addressed by statute in other states.

BSA supports adaptable, forward-looking controls that keep pace with technological change, reinforce US technology leadership, and promote clear, consistent, fact-based decision-making.

Congressional leadership can ensure the federal government modernizes securely, strengthens resilience, and maintains US technological leadership by focusing on smart IT modernization, risk-based security, and policies that enable trusted cloud adoption.