Skip to main content

State Attorneys General Fight Preemption Of Data Breach Laws

Attorneys general in 47 states have asked Congress not to preempt their ability to enforce data breach and security laws.

That came in a letter to members of Congress this week, according to Maryland AG Brian Frosh.

“Maryland has passed laws to protect consumers from data breaches and identity theft, and it would be ill-advised if Congress passed a law that prevented the state from continuing to protect its residents,” said Frosh. “We have seen in recent years how widespread data breaches have become, which is why our enforcement efforts cannot be constrained in any way.”

The AGs say Congress can enact new laws to respond to threats, but allow states to enforce their existing laws.

Data breach bills were introduced in both the House and Senate this past spring that would create a national data breach standard, including a House bill that would preempt the current "patchwork" of laws with a single, national protection/notification standard.

Preemption of state laws has divided Democrats, with some saying it is necessary and others claiming that the new bills could wind up weakening protections, especially given a national standard, which they say does not sufficiently protect personal information.