As Data Breaches Rise, AGs Emerge as Primary Enforcers

May 6, 2013 – In The News

Scott Vernick was quoted in the Law360 article, "As Data Breaches Rise, AGs Emerge as Primary Enforcers." While the full text can be found in the May 6, 2013, issue of Law360, a synopsis is noted below.

A pair of state attorneys general have requested more information regarding a recent data breach that impacted 50 million users of LivingSocial Inc. Lawyers believe that the inquiry reflects the recent push by state regulators to fill a legislation and enforcement void that exists at the federal level.

Due to the emergence of state breach notification laws that provide state attorneys general with the authority to police data security violations in ways their federal counterparts may not, many attorneys general have become more active in protecting consumer data security. To date, attorneys general have been wielding their statutory power mainly by working behind the scenes with companies that report breaches and forming joint task forces to investigate privacy and breaches.

“There is much more specific legislation for a broader swath of companies on a state-by-state basis that gives real teeth to data security and privacy enforcement, so it makes perfect sense that state attorneys general are taking an active role in enforcing that,” Scott Vernick said.

Since 2002, states have worked to enact their own laws on how companies should best prepare for and respond to the loss or theft of data. Currently, 46 states have notification laws in place. However, federal lawmakers have yet to set a security standard that would apply across all sectors.

“It's consistent with the old saying that 'nature abhors a vacuum,'” Vernick said. “There's been a certain amount of friction in Congress that is preventing it from passing legislation, which leaves a vacuum in enforcement that is being filled by more aggressive state legislation and more aggressive state attorneys general.”