Proposed Federal Legislation — 119th Congress

SECURE
DATA ACT

The End of the Patchwork.

The Era of Preemption.

A single federal standard which, if passed by Congress, would replace 21 state privacy laws. Your business needs to prepare now.

HR 8413 — Introduced April 22, 2026

What is the SECURE Data Act?

One Federal Standard.
Fifty States.

Monumental architectural columns representing federal law and governance

The Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (HR 8413), introduced April 22, 2026, represents the first major comprehensive federal privacy bill of the 119th Congress. If enacted, it would establish a single national standard for consumer data privacy — preempting the patchwork of state laws that currently governs how businesses collect, process, and share personal information.

For businesses operating across state lines, this legislation represents both an enormous opportunity for compliance simplification and a significant obligation to prepare for an entirely new regulatory framework. The window for preparation is now.

21
State Laws Preempted
200K
Consumer Threshold
$25M
SMB Exemption

Key Provisions

What the Act Requires

01

Federal Preemption

The Act would nullify any state law that "relates to" its provisions — the broadest possible preemption standard. All 21 existing state privacy laws, including CCPA/CPRA, could be superseded overnight.

02

Consumer Data Rights

Grants rights to access, correct, delete, and port personal data. Consumers may opt out of data sales, targeted advertising, and consequential profiling decisions.

03

Coverage Thresholds

Applies to companies processing data of 200,000+ U.S. consumers or those with 100,000+ consumers deriving 25%+ revenue from data sales. Small business exemption at $25M revenue.

04

Sensitive Data Protections

Requires opt-in consent for sensitive data, including data about minors under 16. Covers biometric, genetic, precise geolocation, financial, health, and racial/ethnic origin data.

05

Enforcement Framework

No private right of action. Enforcement through the FTC and state attorneys general. Companies following approved codes of conduct receive a rebuttable presumption of compliance.

06

Cross-Border Data Flows

Codifies the role of the Secretary of Commerce in facilitating international data transfers while maintaining privacy protections, recognizing existing CBPR frameworks.

The Preemption Landscape

21 State Laws.
One Federal Standard.

The SECURE Data Act's “relates to” preemption clause is the broadest formulation available in federal law. If passed, every state comprehensive privacy statute would be superseded — including those that currently provide stronger protections than the proposed federal floor.

Abstract geometric shadows on marble representing the complexity of overlapping state privacy laws

Hover to preview preemption effect

CaliforniaCCPA / CPRA
PREEMPTED
VirginiaVCDPA
PREEMPTED
ColoradoCPA
PREEMPTED
ConnecticutCTDPA
PREEMPTED
TexasTDPSA
PREEMPTED
OregonOCPA
PREEMPTED
MarylandMODPA
PREEMPTED
DelawareDPDPA
PREEMPTED
MontanaMCDPA
PREEMPTED
TennesseeTIPA
PREEMPTED
IowaICDPA
PREEMPTED
IndianaICDPA
PREEMPTED
WashingtonMHMDA
PREEMPTED
NevadaSB 220
PREEMPTED
FloridaFDBR
PREEMPTED
New HampshireNHPDA
PREEMPTED
New JerseyNJDPA
PREEMPTED
KentuckyKCDPA
PREEMPTED
NebraskaNDPA
PREEMPTED
MinnesotaMNDPA
PREEMPTED
Rhode IslandRIDPA
PREEMPTED

The Implication

Businesses that have invested in state-by-state compliance will need to restructure their entire privacy program. Those that haven't yet built one will face a hard federal deadline.

Federal Readiness Audit

Are You
Prepared?

Four questions to assess your organization's readiness for the proposed SECURE Data Act. This diagnostic is not legal advice — it is a starting point for the conversation you need to have.

Data processing scope and consumer volume

Sensitive data category exposure

Existing privacy program maturity

Organizational readiness posture

“Every company handles some form of personal data, therefore, every company is at some risk of violating the myriad of local, state and international data privacy laws. Without compliant data practices, data privacy violations are not a matter of ‘if’ — but ‘when’.”

— Chris W. Hogue, ReveredLegal

Readiness Assessment

Begin Your Audit

Answer four short questions to receive a preliminary assessment of your organization's exposure under the proposed SECURE Data Act.

Why Act Now

Compliance Doesn't Begin on Enactment Day

01

Data Mapping Takes Time

Understanding what personal data your organization collects, processes, and shares requires a thorough internal audit. This cannot be done overnight — it requires structured discovery and documentation.

02

Infrastructure Must Be Built

Consumer rights fulfillment — access, deletion, correction, portability — requires technical and operational infrastructure. Building it after enactment means you are already non-compliant.

03

Vendor Contracts Need Review

Every data processing agreement with third-party vendors must be reviewed and potentially renegotiated to align with the new federal standard. This is a significant undertaking for any organization.

Principal Consultation

ReveredLegal
Stands Ready.

The SECURE Data Act is not yet law — but the compliance burden it will impose does not begin on the date of enactment. It begins the moment your organization starts building the infrastructure to meet it. ReveredLegal provides the strategic counsel to make that process efficient, defensible, and forward-looking.

Our Approach

  • Comprehensive gap analysis against proposed federal standards
  • Data mapping and processing activity inventory
  • Consumer rights fulfillment infrastructure design
  • Sensitive data handling protocol development
  • Transition roadmap from state to federal compliance
  • Vendor and third-party data processing agreement review
info@reveredlegal.com

Consultations are confidential. No obligation.