Four senior compliance practitioners share their views on the U.S. data privacy landscape and the actions their companies are taking to keep pace with new state laws set to hit the books in 2023. Today’s question:

Q: What would you like to see most in a U.S. federal data privacy law?

Meet the CCOs

Arthur Kirsten


U.S. Head of Compliance

Years in compliance: 20+



Victoria McKenney


Deputy General Counsel - Regulatory and Compliance and Deputy CCO

United States Steel Corporation

Years in compliance: 15



Kortney Nordrum


VP, Regulatory Counsel & CCO

Deluxe Corporation

Years in compliance: 9



Lisa Norris


Director of Compliance

ABB Optical Group

Years in compliance: 17



DISCLAIMER: The views reflected by the practitioners quoted are theirs alone and do not represent the views of their companies.

ARTHUR KIRSTEN: Where traditional finance evolved to become a broad system of banks and lending services, crypto and decentralized finance emerged outside of these established verticals.

What we’ve seen in response is a patchwork of laws and regulations that make it difficult to supply a unified solution to how crypto can or should function globally. However, establishing a single, clear approach to protecting user data in the digital asset space would ameliorate much of this confusion. believes universally understood and enforced regulations must be considered to ensure a safer, more equitable experience for all current and future market participants.


VICTORIA MCKENNEY: It would be helpful to have a uniform national standard that places the focus on sensitive personal information—the types of data that people would not want collected or shared without their knowledge. Narrowing the scope of covered information would allow companies to target their resources more efficiently, including their IT- and cybersecurity-related resources.



It would be really nice to have a single source for privacy rules, rather than juggling the varied standards of the states. Personally, I hope they base it on the GDPR, which gives individuals insight and control into how their personal data is used, transmitted, and stored.


LISA NORRIS: I would love to see centralized provisions. Currently, there is no one comprehensive federal law that governs data privacy in the U.S. and that, at times, is not just confusing but risky because it creates an opportunity for me to miss something. After all, I’m human.