Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

NAAG Urging Congress to Refrain From Passing Federal Data Breach Legislation Preempting State Authority

State Attorney General U.S. Senate U.S. House Privacy/Cyber Risk & Data Security

Privacy, Cyber Risk & Data Security

On July 7, as Congress considers proposed legislation on data breach notification and security, the National Association of Attorneys General (NAAG) sent a letter to leaders of both houses of Congress urging them to refrain from passing federal data breach and identity theft laws that would preempt states’ authority to enforce their own legislation, or pass legislation that exceeds federal standards. The 47 state attorneys general argued that “preempting state law would make consumers less protected than they are right now” because (i) states are closer to people affected consumers and can better respond to their concerns; (ii) states are “better equipped to quickly adjust to the challenges presented by a data-driven economy”; (iii) although helpful for a national data breach, a single federal agency would be unable to “respond effectively” to the large number of smaller data breaches that “have a large impact in a particular state or region”; and (iv) “with the increasing speed rate of technological developments,” states need the ability to surpass minimal and continually obsolete federal requirements.  Accordingly, the state attorneys general asserted it was “crucial” that they “maintain their enforcement authority under their states’ laws, and that any legislation be tailored to ensure complementary enforcement authority.”