Every day we see another news alert or story about a privacy breach, hack or loss of personal information. There are also times when we have been victims of our data being collected and illegally sold without us even knowing about it.

Data collection of individuals has skyrocketed in recent years. The city of Seattle has a contract with a company that collects individuals’ Wi-Fi signals at traffic intersections to help the city manage traffic patterns, reduce delay and prioritize road maintenance. Anyone who passes by one of their 300 sensors will have their unique digital thumbprint collected from their car or cellphone. According to Seattle’s Department of Transportation, the PII of individuals tracked is encrypted and the information is not available to “the SDOT, the vendor, or the public.”

But still, there are questions. How exactly are they storing the data and are they storing it properly? What state or federal laws are in place to protect each of us passing by those sensors?

There are, of course, other organizations collecting data in similar ways that have put data security at the forefront of their businesses — with transparent data collection processes, and the option for individuals to opt out of data collection. Missing from the news is a path to a federal privacy standard with the force of law. Instead, a patchwork of state laws has started to develop. Beginning in 2016, Utah, one of the most conservative states in the nation, passed HB369 to protect the public by limiting data collection practices.

California, which would have the world’s fifth-largest economy if it were a country, currently has the nation’s most aggressive privacy protections in place. The California Consumer Privacy Act (CCPA) regulates some of the most fundamental parts of privacy, including “Do not sell my personal information” requirements; clarity to consumers on which data is collected about them; and transparency in the process of what a company may do with that information. What the CCPA also adds is an enforcement mechanism giving the California attorney general the authority to enforce the law.

Following in the footsteps of these new legislations are more privacy protection attempts across the nation, including Virginia’s Consumer Data Privacy Act, Utah’s appointment of a state data privacy officer, and New York’s SHIELD Act to improve electronic data security. It’s incredible to see this mix of red and blue states unifying around protecting privacy. Polls show 75% of Americans want privacy regulation, leaving an open door for participation from the federal government.

Many new technologies rely on collecting, aggregating and synthesizing massive amounts of data. The intention of these laws is not to inhibit these technologies from helping make progress in various industries but to provide a secure and more standardized framework for how we handle data.

While states are taking up the cause of data privacy, it’s a piecemeal approach, making it difficult for businesses to respond, leading to higher costs and consumer confusion. Many states still lack some or meaningful data privacy protections. The only way to achieve a national standard is for the federal government to act.

While the FCC and FTC have enforcement powers, and existing laws such as the Children’s Online Privacy Act provide some means of federal regulation, what’s missing is a uniform federal privacy law that gives consumers the right to opt out, the right to understand what information is being collected on them, and the ability to appeal or seek enforcement against an entity that may be abusing that information or failing to comply.

Concerns with federal privacy law run into your standard issues with federal overreach and, of course, they run into the common problem facing the federal lobbying powers of big tech that push back on privacy restrictions. Of course, like auto emission standards, federal privacy can be written in a way that allows states to go further but requires standard foundational privacy protections at the federal level.

Every day brings a new risk, a new technology and further risks to our data privacy. It’s time to act.