On July 7, 47 state attorneys general signed onto a multistate letter to the U.S. Congress emphasizing the importance of maintaining states’ authority to enforce data breach and data security laws, and their ability to enact laws to address future data security risks.
The letter to Senate Majority and Minority Leaders, Mitch McConnell and Harry Reid, and Speaker of the House and House Minority Leader, John Boehner and Nancy Pelosi, comes on the heels of a number of federal data breach bills that would create a federal breach notification and data security law. Eight bills are currently pending before Congress relating to data security and data breach notification. All but one of the bills would preempt state laws and enforcement efforts.
The letter by the state attorneys general called on the leaders of Congress to “not diminish the important role states already play protecting consumers from data breaches and identity theft.” State attorneys general have played a significant role in investigating data breaches and ensuring that state notification requirements are met in the event of a data breach. The 47 state attorneys general argue that states are better equipped than the federal government to “quickly adjust to the challenges presented by a data-driven economy,” and that states “have been able to amend their laws and focus their enforcement efforts on those areas most affecting consumers.” Many companies, however, believe that the differing individual state notification standards are unwieldy to navigate in the event of a data breach.
According to Connecticut Attorney General George Jepsen, “It would be a serious error for the federal government to preempt states from investigating and enforcing data privacy and security laws. … To suggest that federal law enforcement officials would have the resources and ability to follow up on every single breach notification in order to protect consumers in the same manner in which attorneys general now operate is, I believe, misguided,” Jepsen stated in a press release.
You can follow the Consumer Financial Services Law Monitor for continued updates on this and other news stories.