It’s National Small Business Week! Small businesses are the engine of our economy—leading the way in American innovation and ingenuity. In fact, small businesses are responsible for 70 percent of American jobs. To win the future and lead the global economy, we must advance policies to help America’s small businesses be successful. One way to do this is with a national data privacy and security standard, like the bipartisan American Privacy Rights Act. 

Right now, growing small businesses and startups are forced to navigate a patchwork of state data privacy laws. 16 states have privacy laws that regulate the commercial collection and use of people’s data.  Ensuring compliance with multiple state laws can be costly and time consuming—forcing companies to divert valuable resources that could be used to improve or grow their business. It’s estimated that, without a national data privacy standard, U.S. small businesses could pay upwards of $20-23 billion annually trying to comply with a patchwork of state laws.

Startups and small businesses simply cannot afford to comply with 50 different versions of rules. That’s why we’re leading on the American Privacy Rights Act to create a clear and consistent data privacy standard across all 50 states. Our bipartisan draft legislation strikes the right balance by giving Americans more control over where their personal information goes and who can sell it, while making sure small businesses and entrepreneurs are able to continue thriving and innovating in the U.S.

137 of the world’s 194 countries have national privacy laws. The United States does not. If we wait any longer, the larger the patchwork of state laws will grow and hurt American businesses, deter companies from operating and innovating in America, and undermine our ability to influence global standards to benefit the U.S. The American Privacy Rights Act ensures businesses have one clear set of rules to operate under—so a business will have the same standards in California as it does in Washington or Virginia.

To further support small businesses and entrepreneurs, the American Privacy Rights Act exempts those that do not sell their customer’s data for profit, those with an annual revenue of $40 million or less, and those that do not collect, process, retain, or transfer the data of 200,000 customers or fewer from the requirements of the bill. The American Privacy Rights Act is focused on the business of data, not Main Street business.

It’s past time for the United States to have one uniform, comprehensive data privacy standard that empowers small businesses to grow and thrive. Congress has been searching for a solution on this issue for decades, and now we have it with the American Privacy Rights Act.