Forty-seven state attorneys general last week renewed a decade-old call for Congress to leave data breach notification requirements to the states, rather than passing a national law.
“As the chief consumer protection officials in our respective states, we have seen first-hand the harm that data breaches and identity theft cause consumers. There are numerous bills pending in Congress that would create federal data breach notification and data security laws. However, any additional protections afforded consumers by a federal law must not diminish the important role states already play protecting consumers from data breaches and identity theft,” noted the attorneys general in a letter to congressional leaders. In 2005, many state attorneys general urged Congress not to preempt the power of states to deal with data breach notification as they saw fit. The earlier letter noted that Congress would not have even considered such measures without the efforts of “innovative” states.
“In the intervening decade since the prior letter, states have further proven these points, as offices of attorneys general have played critical roles investigating and enforcing data security lapses and responding to identity theft and consumer fraud on behalf of constituents. At the same time, state legislatures have continued to pass significant, innovative laws related to data security, identity theft, and privacy,” commented the AGs.
Since 2005, over 5,000 reported data breaches have occurred, affecting 815,842,526 records, according to the AGs and the Privacy Rights Clearinghouse. The letter also noted that data breaches have become commonplace, with consumers and businesses needing the “front line” action of states.
“Toward that end, it is important that any federal legislation ensure that states can continue to enforce breach notification requirements under their own state laws. States should also be assured continued flexibility to adapt their state laws to respond to changes in technology and data collection. As we have seen over the past decade, states are better equipped to quickly adjust to the challenges presented by a data-driven economy. States have been able to amend their laws and focus their enforcement efforts on those areas most affecting consumers,” the AGs concluded.
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
