News & Resources

How close are we to a national data privacy law?

In Thought Leadership, GDPR

Current Landscape

The General Data Protection Regulation (GDPR) went into effect on May 25, 2018. GDPR was adopted because the European Union (EU) recognized that the 1995 Data Protection laws were outdated and weren’t keeping up with the pace of the digital age and technological advancements. A little over a month later, on June 28, 2018 the California Consumer Privacy Act (CCPA) was signed into law by Governor Jerry Brown. CCPA is the first comprehensive state sanctioned data privacy law and will become effective on January 1, 2020. Other states like Maryland, New York and Connecticut are also working to pass comprehensive data privacy laws, while other states have passed or modified their data breach policies. The number of privacy law proposals in state legislatures continues to increase every day.


Why is a Comprehensive National Data Privacy Law needed?

Is it practical to expect businesses to comply to the privacy laws of 50 different states? Each state law will have a certain level of complexity and ambiguity. To make matters worse state laws may include overlapping or contradicting guidelines. It will be costly for businesses to try and comprehend and implement practices to comply to the various state laws and in some cases, they may not be able to comply.

GDPR has established the data privacy benchmark and for the last year has become the primary focus of data protection discussions throughout the world. Other countries like Brazil, China, India, Japan, South Korea and Thailand are using GDPR as a benchmark to adopt new data protection laws, develop new laws, or making revisions to their existing data protection laws.

The U.S. has segmented data protection laws to protect specific types of information. For example, the Health Insurance Portability and Accountability Act (HIPPA) protects health records; the Family Educational Rights and Privacy Act (FERPA) is a law that protects the privacy of student education records; and the Children's Online Privacy Protection Act (COPPA) is a law created to protect the privacy of children under 13. However, the U.S. doesn’t have a comprehensive federal privacy law that regulates the collection and use of personal data. The longer it takes the U.S. to enact a National Data Privacy Law the more the U.S. falls behind the data protection curve.

The U.S. currently relies on businesses regulating themselves. This basically means that consumers are forced to agree with the ways companies collect and use their personal data. U.S. individuals are left with no recourse to protect their personal data even though data breaches and inadequate data protection practices are mainstream in many companies.


What steps has the U.S. Government taken toward a National Privacy law?

In January 2019 the U.S. Government Accountability Office (GAO) provided a report to Congress recommending the development of internet data privacy legislation to enhance consumer protection. From February 2019 to May 2019 there were a series of U.S. Senate Committee hearings held to discuss the risks to consumers and implement data privacy protections for all Americans, discuss the pros and cons of data protection laws from various perspectives, examine consumers’ expectation for data privacy, and discuss data privacy rights, controls and protections that should be available to consumers.

U.S Senators also received feedback from Helen Dixon, Ireland’s data protection commissioner, who shared lessons and advice on data privacy policies.



It’s time for the U.S. to have a comprehensive federal privacy law. Congress realizes the time is now and the goal of Congress is to draft a bipartisan U.S. federal privacy bill. The bill appears to have strong bipartisan congressional support and the support of several large companies. The good news is the U.S. is working towards a solution to the U.S. data protection challenge. The bad news is, like most things in the government, it will most likely take several months of negotiations for Congress to agree on the federal law. Will we see a federal data protection law in 2019? I’m guessing the answer is no.

Are you having challenges implementing GDPR? Crayon has the GDPR services that can assist you to work towards GDPR compliance. Contact your Crayon Account Manager or contact at

Contact your Crayon Account Manager or contact at

Tony Musielak - BDM