WASHINGTON—Federal cyber risk and privacy legislation is needed, many observers agree.

Properly crafted legislation “would simplify some of the challenges that we currently have dealing with dozens of state laws,” said John F. Mullen, a partner with Nelson Levine DeLuca & Hamilton L.L.C. in Blue Bell, Pa.

The standards, duties and even definitions of personally identifiable information differ among the states. There also are a variety of ways to read state laws, Mr. Mullen said. “Those are some of the issues that should probably be addressed in a well thought-out (federal) law,” he said.

“Business would appreciate any bill that gives it some predictability,” said Celeste King, a founding partner with Walker Wilcox Matousek L.L.P., in Chicago. “That is the problem we have now with the patchwork of state laws. It's becoming increasingly difficult, really impossible, for some businesses to conduct business across states,” she said.

While there is a need for a federal privacy law, there also is the need to harmonize U.S. privacy law with the rest of the world, said Daren M. Orzechowski, a partner with law firm White & Case L.L.P. in New York. “There's a need to harmonize the different state laws that have arisen over the past few years with respect to privacy, and I think there's a general desire within the American culture to have a better set of ground rules between the consumers and the companies that collect their information.”

That being said, “I don't dispute that there's a legitimate need to assist the government in addressing cyber security threats, both to the government and American business,” he said. “The trick is: How do you balance these competing interests?”

Nathan David Taylor, an associate with Morrison Forester L.L.P. in Washington, said while cyber risk “is an issue that everyone cares about,” people “are struggling, trying to think about what's the best way to address it.”

As a financial services attorney, “we think we're already covered” by existing regulations, Mr. Taylor said. “I think it's an issue that probably needs greater and continued debate about how to do it right without adverse and unintended consequences.”