BSA TechPost

BSA's Kate Goodloe testifies for the SECURE Data Act hearing on June 3, 2026 BSA urged Congress to move forward with the SECURE Data Act to extend privacy rights from the 21 US state laws on which it is modeled to consumers nationwide.

BSA Managing Director of Policy Kate Goodloe told a subcommittee of the House Energy and Commerce Committee that the SECURE Data Act takes the right approach by clearly recognizing the bedrock distinction between controllers and processors to data in its approach to setting a national privacy standard for the United States.

“The United States needs a national privacy law built for the modern economy — one that pairs strong consumer protections with clear rules that limit how companies can use consumers’ data,” Goodloe told the Subcommittee on Commerce, Manufacturing, and Trade.

A national privacy law would set clear national set of rules that limit how companies collect and use data and raises privacy standards where no state laws exist, Goodloe told committee members of both parties.

The SECURE Data Act represents a new attempt by Congress to pass a national data privacy law after two stalled attempts. When the first such bill was introduced, only one state law had been enacted, but 22 US states have now acted — with 21 of them sharing that same structure.

“The distinction between controllers and processors is longstanding, widespread, found in every state privacy law, and it underpins modern privacy laws worldwide,” Goodloe said in testimony. “The goal of a privacy law should be to minimize how companies review data and not require them to start looking at data that they otherwise would not. That can happen when we conflate these roles. That really goes against the goal of privacy legislation.”

Full witness panel at hearing

BSA has identified how Congress can build on state privacy laws and tracked emerging models of state privacy after a slew of state action in recent years.

“The model that has been widespread throughout the states where it’s had common agreement is this model that has a core set of rights, a core set of obligations for companies to make sure that their data is used responsibly, and it’s regulatory-led enforcement,” Goodloe told the committee. “That’s the model that we see in the SECURE Data Act.”

ABOUT

The Business Software Alliance is the global trade association of the enterprise software industry, representing companies that are leaders in artificial intelligence, cybersecurity, cloud computing, and other cutting-edge technologies. We work in over 20 markets in the US, Europe, and Asia, advocating for policies that build trust in technology so that every industry sector and the public can benefit from innovation. BSA also supports its members and their customers by raising awareness of the risks of unlicensed software use and the benefits of software asset management, driving license compliance and software adoption around the world through sound IT procurement.

BSA TechPost

BSA Testimony: The US Needs a National Privacy Law for the Modern Economy

Europe’s Tech Sovereignty Debate is About More Than Technology

Giving Cyber Defenders First Access to Frontier AI Security Models

What the Magnolia Decision Gets Wrong About Inter Partes Review

BSA Member Roundtable: Digital Trade Policy Must Keep Pace With Innovation