With no federal law on data breaches, most states created their own rules to ensure companies alert residents when hackers seize their personal information, reports Politico. As massive breaches at Target and Neiman Marcus revive congressional interest in a national notification standard, states are warning Washington: Don't trample on our turf. “States have been the leaders, the cops on the beat defining what is reasonable and not reasonable for their own states and heading up investigations on data breach cases for as long as there have been such things,” said Maryland Attorney General Doug Gansler. “It's almost always a local issue. … We actually get things done.”
All sides agree a federal standard that requires companies inform consumers about breaches would enhance the current patchwork of state laws. The consensus ends there. State attorneys general, especially in places with strong data breach regulations, see a federal law as the baseline. They want to keep their own rules in place, especially if a national standard is weaker. And they'd like to preserve their authority to enforce any data breach regulations — state or federal — in their own jurisdictions. Retailers, banks and tech firms argue that all the state rules burden companies and make it difficult to do business. They view a single, national standard as the goal.