
Episode 206: What Might A Federal Data Privacy Law Mean In the US?

In this episode of the podcast (#206): with movement towards passage of a federal data privacy law stronger than ever, we invite two experts into the Security Ledger studio to talk about what that might mean for U.S. residents and businesses.

Data theft and misuse have been an acute problem in the United States for years. And, despite the passage of time, little progress has been made in addressing it. Just this week, for example, SITA, an IT provider for the world’s leading airlines, said that a breach had exposed data on potentially millions of travelers – just the latest in a steady drumbeat of breach and hacking revelations affecting nearly every industry.

In the E.U., the rash of massive data breaches from retail firms, data brokers and more led to the passage of GDPR – the world’s first comprehensive data privacy regime. In the years since then, other nations have followed suit.

But in the U.S., despite the passage of a hodgepodge of state data privacy laws, no comprehensive federal law exists. That means there is still no clear federal framework that covers critical issues such as data ownership, the disclosure of data breaches, private rights of action to sue negligent firms and so on.

Changes In D.C. Bring Data Privacy Into Focus

But that may be about to change. In a closely divided Washington D.C., data privacy is the rare issue that has bipartisan support. And now, with Democrats in control of Congress and the White House, the push is on to pass pro-consumer privacy legislation into law.

Stacey Gray, who is a Senior Counsel at the Future of Privacy Forum

In this episode of the podcast, we invited two experts on data privacy legislation and policy into the Security Ledger studios to talk. In our first segment, we’re joined by Stacey Gray, who is a Senior Counsel at the Future of Privacy Forum, to talk about progress towards a federal data privacy law in the U.S. and what that might mean for businesses and consumers.

I started out by asking Stacey about the recent movement on privacy legislation, including during the Trump administration, and what 2021 may have in store. 

How Security Boosts Privacy – and Vice Versa

Data privacy and data security are often spoken of in the same breath, but they’re actually discrete topics and discrete problems for organizations. If you want proof of that, look to the healthcare sector in the U.S. Healthcare firms must comply with HIPAA, one of the most stringent data privacy laws in the world. But that hasn’t saved them from a rash of devastating security breaches as hackers preyed on insecure and poorly maintained IP infrastructure to steal sensitive health information on hundreds of millions of Americans. 

Rehan Jalil is the CEO of

In our second segment, we invited Rehan Jalil, the CEO of into the studio to dig deep on the security vs. privacy question. is a firm that sells privacy management and compliance services.  

In this conversation, Rehan and I talk about the evolving thinking on data privacy and security and about the impact that the EU’s GDPR and state laws like CCPA are having on IT and on how businesses manage their data. Rehan and I also talk about whether technology might provide a way to bridge the gap between security and privacy: allowing companies to derive the value from data without exposing it to malicious or unscrupulous actors.

As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to to get notified whenever a new podcast is posted.

