On July 7, in response to Congressional efforts to pass a national law on data breach notification and data security, 47 state attorneys general sent a letter to Congress stressing the importance of maintaining their enforcement authority under their states’ laws in order to protect consumers in data breaches.

“Through our work on data breach investigations we understand the complexity of these issues and want to ensure that the progress made at the state level is not lost,” the letter said.

joeJacquotJoe Jacquot at Foley & Lardner LLP, who spoke on the panel “Federal Notification Law and the States” at the NetDiligence Cyber Risk & Privacy Liability Forum in June, said that, interestingly, the letter gives an opening for a federal notification standard on large data breaches, even as the state AGs staunchly argue for their role on smaller, regional breaches.

“Unless Congress passes a workable federal notification law, state AGs will continue to lead a patchwork of enforcement against companies suffering a data breach,” Jacquot said.