The National Association of Attorneys General (NAAG) sent a letter today to congressional leaders urging them to ensure that federal data breach legislation preserves states’ ability to enforce state laws in order to protect consumers from data breaches and identity theft. Most of the federal bills related to data security and data breach notification pending in Congress preempts the states.
“Preempting state law would make consumers less protected than they are right now,” reads the letter signed by 47 state and territorial attorneys general. “Our constituents are continually asking for greater protection. If states are limited by federal legislation, we will be unable to respond to their concerns.”
States are on the front lines in helping consumers deal with the repercussions of a data breach. In addition, attorneys general regularly investigate the causes of data breaches to determine whether data collectors who experience a breach used reasonable data security practices and notified consumers of the breaches according to the requirements of state law. States began adopting data breach notification laws in 2003, and some have since required data collectors experiencing breaches to directly notify the attorney general in order to respond more quickly to concerned consumers.
The NAAG letter addresses several points:
· It is important that any federal legislation ensure that states can continue to enforce breach notification requirements under their own state laws. States should also be assured continued flexibility to adapt their state laws to respond to changes in technology and data collection.
· States should also be able to maintain their ability to place requirements on data collectors that go beyond those required at the federal level.
Federal law works best when it is supplemented by state enforcement and innovative state law.
The NAAG letter can be found here.
SOURCE: National Association of Attorneys General