We Need a Federal Privacy Law

Written by Dom Kirby

Former MSP Owner, CyberSec Practitioner, Modern Work Pro, Evangelist, Husband & Father

May 1, 2022

I was perusing one of my favorite cyber news spots, The Record, and stumbled on this article: “Connecticut inches closer to becoming fifth state with data privacy law” (The Record by Recorded Future). Privacy laws are a good and crucial step forward, especially because I personally believe that the whole “Web 3.0” thing is a fantasy that simply won’t be realized.

That said, we’re doing it wrong in the US. Connecticut being on track to become the fifth state with a privacy law is actually a bad thing. Before you bring your pitchforks, let’s talk about it!

Compliance will become impossible!

Now more than ever, small businesses conduct business across state lines. The explosion of e-commerce and digital services means that a lot of companies do business in all fifty states, in fact. With the path we’re on, it won’t be long before those businesses are expected to comply with fifty unique sets of regulations. Let’s be real here: privacy doesn’t require a snowflake approach. The concept isn’t complicated: build regulation around the handling and transacting of data. In the current model, some states will go absurdly overboard, and some laws will simply be ineffective.

More importantly, it will create a landscape in which smaller businesses simply cannot comply. Keeping track of 50 different privacy laws, in addition to other compliance needs, is an extremely difficult and expensive task. Companies like Amazon can spend the money to make it happen. Smaller companies will be left behind like never before.

Why take the federal approach?

We can lean on the success of GDPR here. GDPR is a comprehensive law that covers an entire economic area. This means that GDPR can be comprehensive and effective, without making the barrier to entry unreachable. All businesses are held to the same set of practices, and service providers & consultants can align on that.

If the United States passes a federal privacy law, technology and legal services can step in to provide unified solutions that are attainable for all businesses, maintaining the critical competitive landscape we need. Further, it’s only one set of policies that is subject to change and amendment. It also creates a level playing field across the states and prevents the use of exemptions like a tax break. Overall, something as important as this needs consistency. It needs to be easy for businesses of all shapes and sizes, doing business anywhere in the US, to adopt and abide by the new regulation.
