WASHINGTON — Attorneys general in 47 states have asked Congress not to pre-empt their ability to enforce data breach and security laws.
That request came in a letter to members of Congress this week, according to Maryland Attorney General Brian Frosh.
“Maryland has passed laws to protect consumers from data breaches and identity theft, and it would be ill-advised if Congress passed a law that prevented the state from continuing to protect its residents,” Frosh said. “We have seen in recent years how widespread data breaches have become, which is why our enforcement efforts cannot be constrained in any way.”
The AGs said Congress can enact new laws to respond to threats, but allow states to enforce their existing laws.
Data-breach bills were introduced in both the House and Senate this past spring that would create a national data breach standard, including a House bill that would preempt the current "patchwork" of laws with a single, national protection and notification standard.
Pre-emption of state laws has divided Democrats, with some saying it is necessary and others say pre-emption could weaken protections, given a national standard they said does not sufficiently protect personal information.