Beshear Opposes Federal Legislation Allowing Companies to Avoid Notifying Customers of Certain Data Breaches

Andy Beshear

Attorney General Andy Beshear is joining a coalition of AGs to stop federal legislation that would do away with state laws providing safeguards for Kentuckians during many data breaches.

The Data Acquisition and Technology Accountability and Security Act aims to chip away at Kentucky’s consumer protection laws that provide Kentuckians data security protections, Beshear said.

“With the increasing threat and ever-evolving nature of data security risks, Kentucky’s consumer protection laws, which our office enforces, provide vital flexibility and a vehicle to rapidly and effectively respond to protect Kentuckians,” Beshear said. “We cannot allow any federal action to negate our authority.”

Beshear said the proposed federal legislation would also severely affect the ability of states to obtain consumer data security protections in settlements with companies.

For instance, Beshear’s office joined multistate settlements in 2016 and 2017 against Target, Adobe and Nationwide Mutual Insurance Company, requiring those companies to maintain data security protections affecting thousands of Kentuckians.

In September, Beshear joined with other attorneys general to send a letter demanding that Equifax take immediate steps to strengthen customer protections and improve services to the nearly 143 million people impacted by its massive data breach.

This proposed legislation would protect companies like Equifax and other credit agencies from the effective enforcement efforts of state attorneys general, Beshear said.

The federal bill allows entities suffering data breaches to determine whether to notify consumers of a breach based on their own judgment as to whether consumers have suffered harm, which would result in fewer notices and then only after the harm has occurred, Beshear said.

The bill also fails to acknowledge that most breaches are either local or regional in nature.

“This measure only addresses large, national breaches affecting 5,000 or more consumers and prevents state attorneys general from learning of or addressing breaches that are smaller but still cause great harm to consumers,” he said.

Missouri Congressman Blaine Luetkemeyer and New York Congresswoman Carolyn Maloney are sponsoring the Data Acquisition and Technology Accountability and Security Act.

Neighboring state attorneys general joining Beshear to oppose the legislation include Illinois and Tennessee.

Beshear asks Kentuckians to take immediate steps to closely monitor their credit and report any suspicious credit activity to his office’s Security Breach hotline at 855-813-6508.

Leave a Reply