President Biden may soon announce an Executive Order that will include mandatory breach notification for software vendors that sell to the federal government.
Most U.S. states are developing privacy laws inspired by CCPA/CPRA or GDPR. At the federal level, different laws, such as HIPAA, FCRA and GLBA, selectively cover privacy and data protection in specific industries.
A federal privacy law in the United States will probably alleviate compliance only if it preempts state privacy laws in a comprehensive manner. the future federal privacy law should carefully balance individual privacy rights and economic interests of American enterprises, while considering the international landscape of emerging privacy regulations indoctrinated by GDPR. To minimize further conflicts with the EU legislation and its foreign siblings, the federal law should be consonant with the doctrinal privacy values of GDPR.