State Attorneys General

The Attorney General Alliance and the Colorado Department of Law’s recent symposium “Colorado Privacy Act: Rights, Obligations, and Next Steps” demonstrates a continued commitment by various state attorneys general to influence and enforce data privacy policies. The panel discussions focused on the Colorado Privacy Act (CPA), one of only three comprehensive data privacy laws in

In a recent Q&A with Colorado Attorney General (AG) Phil Weiser, the first term AG discusses how he makes data privacy and cybersecurity accessible and interesting to his Colorado constituents. AG Weiser also explains the role of Colorado’s interdisciplinary Data Privacy and Security Impact Team and how its implementation has benefitted the state. Lastly, AG

Notwithstanding potential changes to privacy regulation at the federal level, state attorneys general (AGs) will continue to be robust and influential privacy policymakers and enforcers in the United States – that was the key takeaway of an interview by University of Maryland Law Professor Danielle Citron of Connecticut Attorney General George Jepsen at the IAPP Privacy Bar Section Forum today in Washington, D.C.


Citron’s scholarship has focused on privacy and the key role of the states, culminating in a law review article, THE PRIVACY POLICYMAKING OF STATE ATTORNEYS GENERAL, published this past December in the Notre Dame Law Review. She interviewed Jepsen, and many other AGs, for her article, and the two discussed her findings and recommendations to a sold-out crowd of the IAPP Privacy Bar Section. 
Continue Reading Importance of State AGs in Privacy in the United States – Interview of CT AG George Jepsen by Professor Danielle Citron at IAPP Privacy Bar Section Forum

State attorneys general (AGs) continue to emerge as major regulators of privacy, and increasingly, with respect to compromises of health-related data.

Businesses concerned with U.S. customer or employee data have long known of the importance of the roles of the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services, among other federal agencies, in privacy regulation and enforcement; but the keen interest by state attorneys general in the area of privacy, and increasingly private health information, has received less attention.

That tide appears to be turning. In an international data privacy conference taking place this week in Washington, D.C., sponsored by the International Association of Privacy Professionals, both federal and state privacy regulators emphasized the importance of state AGs in privacy regulation and enforcement.
Continue Reading State AGs Upping the Ante on Health (and Other) Information Data Incidents – Expect Increased Enforcement Actions

Mississippi Attorney General (AG) Jim Hood is the president of the National Association of Attorneys General (NAAG), the professional association for the AGs of all 50 states, DC and the U.S. territories. As NAAG president, Hood has selected cybersecurity and digital privacy, as well as counterfeiting and IP theft, as topics of policy focus for NAAG. He also recently presided over NAAG’s National Presidential Initiative Conference, “Protecting Our Digital Lives: New Challenges for Attorneys General,” in Biloxi last April, which brought together more than a dozen AGs and their staffs to focus on these issues. In this spotlight, Hood discusses his NAAG presidential initiative, his interest in cybersecurity and digital privacy and what we can expect to come from his work in these areas.
Continue Reading Mississippi AG: Best To Notify Us Quickly of A Breach

Reed Smith has been closely following the interest and activities of State AGs in the areas of privacy and cybersecurity, and recently blogged on a major NAAG (National Association of Attorneys General) conference in April on these topics. That conference, which was sponsored by the Mississippi AG, was meant to educate AGs – most of whom are the elected consumer protectors-in-chief in their states – on the complex issues of data loss and misuse, as well as evolving privacy standards. A key takeaway from the conference was that AGs were likely to double-down on privacy enforcement and regulatory change.

Earlier this week, and following closely on the heels of that conference, NAAG held a privacy conference for Consumer Protection Assistant AGs (AAGs). Consumer Protection AAGs are the major enforcement attorneys in AG offices and are the tip-of-the-spear people in charge of privacy enforcement actions and investigations in their states.  AAGs attending this session came from far and wide (39 states, plus D.C.) – Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, D.C., Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Louisiana, Maine, Maryland, Massachusetts, Mississippi, Missouri, Montana, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, and Wisconsin.Continue Reading State AGs’ Interest in Privacy and Cybersecurity – No End in Sight – REDUX (or, if you prefer, we told you so…)

On April 13, the Washington State Senate unanimously passed an amendment to the state’s data breach notification law. The amendment, which was requested by Washington Attorney General Bob Ferguson, and which we discussed in this previous post, passed the state house of representatives in March and is now awaiting the governor’s signature. The law

On November 24, the FCC released a wide-ranging public notice seeking comment on a September 9, 2014, letter from the National Association of Attorneys General (NAAG), purportedly written “on behalf of the millions of Americans regularly receiving unwanted and harassing telemarketing calls.” The letter, signed by a bipartisan group of 39 AGs led by Chris