Consumer News

AG Schmidt to Congress: Preserve states’ ability to enforce data privacy laws

Release Date: Jul 07, 2015

TOPEKA – (July 7, 2015) – Kansas Attorney General Derek Schmidt today asked Congressional leaders to preserve the ability of states to enforce state data privacy laws.

 In a letter sent today to U.S. House and Senate leadership, Schmidt, along with 46 other state attorneys general, urged leaders not to include language preempting state laws in pending data security legislation. Congress is considering federal legislation to govern data breaches, and one of the issues is how much authority state law should retain.

 “States are the front lines in helping consumers deal with the repercussions of a data breach,” the attorneys general wrote. “Our offices have helped tens of thousands of consumers remove fraudulent charges from their financial accounts and repair bad credit caused by identity theft. … Any federal legislation on data breach notification and data security should recognize this important role and not hinder states that are helping their residents. Preempting state law would make consumers less protected than they are now. Our constituents are continually asking for greater protection. If states are limited by federal legislation, we will be unable to respond to their concerns.”

 Schmidt said that while he appreciates federal legislators taking a serious stand against data breaches, the primary enforcement mechanism should remain with the states.

 “Data security is a serious, growing issue,” Schmidt said. “Kansas has had a data breach statute since 2006, and it should be allowed to remain on the books – not undermined by federal authorities.”

 A copy of the attorneys general letter is available at

 Kansas consumers can learn more about how to protect their identities –as well as what to do if their information is compromised in a data breach – by visiting the attorney general’s consumer protection website at