A new report from the Information Technology and Innovation Foundation (ITIF) finds that a growing patchwork of state laws burdens companies with multiple, duplicative compliance costs. State privacy laws could impose out-of-state costs of between $98 billion and $112 billion annually. Over a 10-year period, these out-of-state costs would exceed $1 trillion. What’s more, small businesses would bear $20–23 billion of this out-of-state burden annually.

ITIF’s solution? “Congress should pass federal privacy legislation that preempts states, protects consumers, and promotes innovation.”