Attivo Networks Blogs

Attorneys General Stress Need for State Data Breach Laws

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan.

The letter explains concerns that have arisen with the proposed Data Acquisition and Technology Accountability and Security Act, a draft bill released on February 16, 2018. The proposed legislation would preempt necessary state laws that require consumers and attorneys general be notified about data breaches, the group explained.

Additionally, the bill “appears to place Equifax and other consumer reporting agencies and financial institutions out of states’ enforcement reach,” the letter stated.

“We know first-hand how alarmed and frustrated consumers are when they learn a company they trusted to protect their sensitive personal data has suffered a breach,” the attorneys general explained. “We regularly hear from our consumers after a data breach, including scores of concerned consumers who reached out to our offices for help after the recent Equifax data breach that put over 145 million Americans at a life-time risk of identity theft.”

State data breach notification requirements have helped to increase transparency about data breaches that have taken place in the last 10 years, the letter maintained. Attorneys general have taken the information about where organizations have failed in their security measures to create stronger requirements for companies.

“We urge you to avoid limiting our ability to learn about data breaches and to require companies to improve their data security measures going forward,” the attorneys general wrote.

The bill would allow companies to determine whether to notify consumers of a breach based on their own judgment. This reduced transparency will likely result in fewer data breach notifications being sent out to consumers who may be at the risk of harm, the group explained.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Ready to find out what’s lurking in your network?

Scroll to Top