Consumer data in the United States is protected by a scattershot of local laws that are inconsistently enforced. The U.S. is also the only country in the Organisation for Economic Co-operation and Development (OECD) that does not have a data protection agency. This needs to change.
Centralizing data privacy lawmaking and enforcement at the federal level would provide far more stability than the current fractured approach of states and other localities making their own laws and using their own enforcement mechanisms. A national data protection act, or DPA, is important not just for the consumers, but also for companies who handle data and are responsible for implementing compliance controls. With a coherent national approach developed with input from all industry players and consumer and privacy groups, companies will be able to better understand their obligations and related enforcement, and therefore will be able to more effectively and efficiently protect their customers’ data.
Having a single federal data privacy law would allow companies to focus their efforts on compliance and protection of individuals’ rights, and not on a complex and shifting set of requirements that would differ depending on the jurisdiction(s) at play for each individual or piece of data. The more complex the tapestry of laws that apply to personal data, the harder compliance will be. Europe learned this lesson and has implemented General Data Protection Regulation as an European Union-wide privacy law. We should do the same.
In February, Se. Kirsten Gillibrand, D-NY, proposed legislation for a federal DPA. More recently, Sen. Sherrod Brown, D-Ohio, introduced a unified protection
