Attorney General Asks Congress to Preserve State’s Authority to Enforce Data Breach & Data Security Laws

Attorney General Herbert H. Slatery III has joined a bi-partisan coalition of attorneys general urging Congress not to preempt state data breach and data security laws, including laws that require notice to consumers and state attorneys general of data breaches.

In their letter to congressional leaders, the attorneys general maintain that any federal law must not diminish the important role of states in addressing data breaches and identity theft, especially in states like Tennessee that have laws providing greater protections than the draft federal legislation.

“More and more personal information is being stored and share electronically, creating a target rich environment for hackers and identity thieves.  Therefore, it is more important than ever for Tennessee and other states to be able to use their own laws to protect consumers.  States have proven to be effective and knowledgeable enforcers of their data security laws, especially in light of increasing threats and evolving risks,” said Attorney General Slatery. 

In addition, the attorneys general point out a number of concerns with the proposed Data Acquisition and Technology Accountability and Security Act, including reduced transparency to consumers and a narrow focus on large-scale (5,000 or more consumers) breaches.

Related Links:

• Press Release #18-08:  Attorney General Asks Congress to Preserve State’s Authority to Enforce Data Breach & Data Security Laws
• Data Acquisition and Technology Accountability and Security Act letter (March 19, 2018)