WASHINGTON (June 14, 2021)— Cybersecurity is a vital part of national security. Recently, states like Colorado have passed new data privacy laws. While it is good to see states taking the issue seriously, our current patchwork of data security and data privacy legislation is costly, confusing and uneven, which leaves the United States and the data security of its citizens vulnerable in numerous ways. To remedy this issue, we need a federal law.

In a new policy study, Matt Gimovsky, Harry Krejsa and Cory Simpson examine how America’s adversaries are eager to steal and exploit our data, and suggest pathways for Congress to eliminate the threat.

Gimovsky, Krejsa, and Simpson note that, if Congress wants to protect American’s data, it needs to pass a federal data security and data privacy law to create a federal floor. A unique opportunity awaits Congress, as the authors point out that previous bills have set the groundwork for future legislation, and that consensus may be more achievable than previously thought. Settling issues around preemption, private right of action and agency enforcement will be difficult, but it is achievable.

“Our adversaries have repeatedly demonstrated a willingness to steal our data and commit resources or incur risks to push their visions of a less-secure, less-private, more malleable and more controllable internet onto the world. Congress must demonstrate a similar pragmatism, but one rooted in American values. If the internet is to remain open and interoperable—if it is to be used as a medium over which information freely flows uncensored by government—then Congress must act to ensure the digital realization of our American values,” state Gimovsky, Krejsa and Simpson.

Read the full policy study here.