Partner Joseph Jacquot was quoted in an article in
The Recorder, “
Why Becerra and Other State AGs Are Panning Proposed Federal Breach Notification Law,” about some states’ fear that proposed federal legislation would restrict their ability to pursue enterprises that keep data security breaches hidden.
Since the bill would only require companies to notify consumers of a data breach that poses a “reasonable risk” of injury, states would no longer be able to go after companies in federal court solely on the basis of them keeping breaches secret, Jacquot said. Under current law, state attorneys general have the ability to prosecute breached companies “even if a consumer is not harmed or injured,” he added.
Jacquot cited the $18.5 million settlement Target paid to 47 states and the District of Columbia in 2017 over a 2013 data breach, which was used to pay for attorney’s fees, investigative costs and the enforcement of state consumer protection laws. Under the proposed act, states would not be able to band together to obtain such a settlement.