Kansas A.G. Schmidt asks Congress to leave data breach enforcement in states' hands

By Staff Reports
July 08, 2015

Kansas Attorney General Derek Schmidt joined with 46 fellow attorney generals in asking Congressional leaders to leave the enforcement of data privacy laws to the states.

The attorney generals sent a letter to U.S. House and Senate leadership Tuesday, urging leaders not to include language preempting state laws in pending data security legislation.

Congress is considering federal legislation to govern data breaches, and one of the issues is how much authority state law should retain.

“States are the front lines in helping consumers deal with the repercussions of a data breach,” the attorneys general wrote. “Our offices have helped tens of thousands of consumers remove fraudulent charges from their financial accounts and repair bad credit caused by identity theft. … Any federal legislation on data breach notification and data security should recognize this important role and not hinder states that are helping their residents. Preempting state law would make consumers less protected than they are now. Our constituents are continually asking for greater protection. If states are limited by federal legislation, we will be unable to respond to their concerns.”

Schmidt said that while he appreciates federal legislators taking a serious stand against data breaches, the primary enforcement mechanism should remain with the states.

 “Data security is a serious, growing issue,” Schmidt said. “Kansas has had a data breach statute since 2006, and it should be allowed to remain on the books – not undermined by federal authorities.”