Dive Brief:

• This week the American Civil Liberties Union launched a bipartisan campaign across 16 states and the District of Columbia to introduce privacy and data security legislation. 
• In the past, President Barack Obama has called for creating a "national standard" for companies informing customers about any compromises of their personal information, according to a Washington Post report. 
• Attempts to pass national legislation to protect consumer's information have failed. Instead, states have worked to set notification standards in case of data breaches.  

Dive Insight:

With chronic Congressional gridlock, the ACLU's effort to pass uniform legislation across states may be the most effective way to create a national approach to data security standards. In the event of data breach, companies in the U.S. must first look at the state level for find rules for notifying consumers. As of October, 47 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands had such notification standards. 

Companies face a potential compliance nightmare if they have locations in multiple states, and each state has its own data and privacy security rules. 

The ACLU's cross-state legislation focuses heavily on personal data privacy, proposing measures requiring law enforcement use warrants to gain access to emails, create limits on location-tracking technology and offer student information better protection, according to a Washington Post report. 

In the event of a data breach, the Federal Trade Commission has sued companies for failing to protect customer data, acting as the principal cybersecurity enforcer for the government. Recently, one CEO has been fighting the FTC over whether chief cybersecurity cop is actually in its job description.