On February 27, 2019, the U.S. Senate Committee on Commerce, Science and Transportation will convene a hearing titled “Privacy Principles for a Federal Data Privacy Framework in the United States.” Committee members will focus on potential Congressional action to “address risks to consumers and implement data privacy protections for all Americans.” Committee Chairman Sen. Roger Wicker of Mississippi described the hearing as an opportunity to “help set the stage for meaningful bipartisan legislation.”

The hearing comes in the midst of calls from policymakers, advocates and industry for law that would protect individuals, foster trust, and promote innovation. Several lawmakers introduced legislation in the last Congress, and bills are expected this year. Until now, the EU’s General Data Protection Regulation has taken center stage, prompting a shift in how companies manage and protect data, and regulators’ expectations and EU citizens’ understanding of their rights with respect to data. But the Cambridge Analytica story and growing concerns about social media have also raised the profile of privacy and data protection. And the California Consumer Privacy Act, which comes into effect in 2020, has implications for companies across the U.S. and raises the possibility of state-by-state regulation of information privacy.

Current proposals vary in focus and approach, but the interest in legislation is bipartisan: Republican Senator Wicker has voiced support for “a federal law on the books by the end of 2019.” Democrat Frank Pallone of New Jersey endorsed “comprehensive legislation” and shortly after the election in November announced that information privacy and security will be part of the Democratic agenda.

In addition to bills introduced by members of Congress, trade associations, think tanks and advocacy groups have released their own proposals in the form of frameworks, high level principles and draft legislation. Intel Corporation released a draft bill and engaged in a public, online consultation about specific provisions.

Achieved Compliance will watch developments closely and keep you informed. But what is clear now is that growing interest of regulators and citizens on both sides of the Atlantic make data protection a top priority for companies, wherever they do business.


Through its software guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.

For more information as to how we can help your organization be GDPR compliant please contact info@achievedcompliance.com.