On April 22, 2026, the House Energy & Commerce Committee introduced the Securing and Establishing Consumer Uniform Rights and Enforcement over Data (SECURE) Act, a legislative…
On April 22, 2026, the House Energy & Commerce Committee introduced the Securing and Establishing Consumer Uniform Rights and Enforcement over Data (SECURE) Act, a legislative proposal that could reshape the privacy compliance landscape for businesses operating across the United States. The bill seeks to establish a national consumer privacy framework that would preempt the increasingly fragmented patchwork of state privacy laws that companies have struggled to navigate over the past several years.
For businesses that handle consumer data, the most significant feature of the SECURE Data Act is its preemptive scope. Rather than requiring organizations to reconcile divergent obligations across multiple jurisdictions, the legislation would impose a single federal standard governing how personal information is collected, stored, used, and shared. This shift could substantially reduce the operational complexity and legal exposure associated with maintaining separate compliance programs tailored to each state's regime.
The bill grants consumers a familiar set of substantive rights, including the right to access their personal data, correct inaccuracies, request deletion, and port information to other service providers. Enforcement authority under the proposed framework would be vested jointly in the Federal Trade Commission and state attorneys general, creating a dual-track enforcement structure that businesses would need to account for in their compliance planning. Companies should anticipate that this shared enforcement model may produce varied interpretations and priorities across jurisdictions, even under a uniform statutory text.
The legislative path forward, however, remains uncertain. Following a House subcommittee hearing on June 3, 2026, the bill drew sharply divided responses that broke along party lines, signaling that meaningful negotiation may be required before the legislation can advance. While the introduction of the SECURE Data Act represents the most concrete movement toward comprehensive federal privacy legislation in recent memory, businesses should not assume enactment is imminent.
In the meantime, organizations should continue to comply fully with existing state privacy laws, including those in California, Virginia, Colorado, and other jurisdictions that have enacted consumer privacy statutes. Monitoring the SECURE Data Act's progress will be prudent, but operational compliance with the current state-level regimes remains the immediate priority.
This article is provided for general informational purposes only and does not constitute legal advice. Clients with specific questions regarding privacy compliance obligations should consult counsel for tailored guidance.