Attorneys General Stress Need for State Data Breach Laws
It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan.
The letter explains concerns that have arisen with the proposed Data Acquisition and Technology Accountability and Security Act, a draft bill released on February 16, 2018. The proposed legislation would preempt necessary state laws that require consumers and attorneys general be notified about data breaches, the group explained.
Additionally, the bill “appears to place Equifax and other consumer reporting agencies and financial institutions out of states’ enforcement reach,” the letter stated.
“We know first-hand how alarmed and frustrated consumers are when they learn a company they trusted to protect their sensitive personal data has suffered a breach,” the attorneys general explained. “We regularly hear from our consumers after a data breach, including scores of concerned consumers who reached out to our offices for help after the recent Equifax data breach that put over 145 million Americans at a life-time risk of identity theft.”
State data breach notification requirements have helped to increase transparency about data breaches that have taken place in the last 10 years, the letter maintained. Attorneys general have taken the information about where organizations have failed in their security measures to create stronger requirements for companies.
“We urge you to avoid limiting our ability to learn about data breaches and to require companies to improve their data security measures going forward,” the attorneys general wrote.
The bill would allow companies to determine whether to notify consumers of a breach based on their own judgment. This reduced transparency will likely result in fewer data breach notifications being sent out to consumers who may be at the risk of harm, the group explained.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise