MADIGAN URGES CONGRESS TO PRESERVE STATE’S AUTHORITY TO ENFORCE DATA BREACH & DATA SECURITY LAWS
Attorneys General Oppose Federal Preemption of States’ Ability to Legislate & Enforce Laws that Protect Consumers from Data Breaches & Identity Theft
Chicago — Attorney General Lisa Madigan today urged Congress to pass a federal data security law that allows states to continue to enforce their own state data breach and data security laws in the interest of better protections for consumers across the country.
Citing recent efforts in Congress to pass a national law on data breach notification and data security, Madigan argued that any federal law must not diminish the important role of states in addressing data breaches and identity theft, especially in states like Illinois that has laws that provide greater protections than federal counterparts.
“Data breaches are increasingly threatening our financial security,” Attorney General Madigan said. “States absolutely must maintain their authority to serve as a frontline responder to assist residents in the wake of data breaches to help minimize the threat of identity theft.”
The letter, which was joined by 44 other states and the attorney generals of the District of Columbia and the Northern Mariana Islands, urged Congress to preserve existing protections in state law, ensure that states can continue to enforce breach notification requirements under their own state laws and enact new laws to respond to new data security threats.
The attorneys general point out a number of concerns with federal preemption of state data breach and security laws, including:
In Illinois, Attorney General Madigan recently drafted legislation to strengthen the state’s Personal Information Protection Act (PIPA). Originally passed in 2005 at Attorney General Madigan’s direction, PIPA made Illinois among the first states in the country to require entities that suffer a data breach to notify Illinois residents if the breached information included residents’ drivers’ license numbers, social security numbers, or financial account information. Since the law’s enactment, the extent of sensitive information collected about consumers has expanded and the threat of data breaches has increased significantly, necessitating the need to update and strengthen the state’s law.
To help Illinois residents, Madigan’s office has an Identity Theft Unit and Hotline (1-866-999-5630), run by a team of experts who provide one-on-one assistance to victims of identity theft and data breaches. Since the creation of the hotline, the Attorney General’s office has helped over 38,000 Illinois residents remove more than $27 million worth of unauthorized charges on their accounts.