Photo of Chris Nolen

In addition to being an attorney with McGuireWoods LLP, Chris is an executive vice president in McGuireWoods Consulting. His government affairs practice consists of representing clients before the Virginia legislature, executive branch and state and local agencies.

State legislatures are increasingly legislating in the area of employee and student online privacy. Privacy practitioners should be aware that there is now a proposed uniform law for the states to consider enacting.  At its recent annual meeting in Stowe, Vermont, the Uniform Law Commission adopted a proposed uniform state law titled “Uniform Employee and

Recently, Republican attorneys general from across the nation gathered in Scottsdale, Arizona, for their association’s annual fall conference.  The purpose of the conference was to discuss a variety of issues facing the state attorneys general and businesses in their states.  McGuireWoods attorneys attended the conference’s data privacy panel discussion, led by Attorneys General Pam Bondi (R-FL) and Sam Olen (R-GA).

In many instances, the state attorney general is the “front-line” regulator dealing with companies that have suffered data privacy breach incidents.  Since state attorneys general rank consumer protection as one of their top priorities, how they view such incidents has a direct impact on how a company can expect to be treated should it suffer a data breach.

While very little new ground was broken in the discussion, it is noteworthy that data privacy and companies’ responses to breaches regularly make the agenda of such conferences, whether it is the Republican Attorneys General Association, the Democratic Attorneys General Association or the National Attorneys General Association.

One issue that garnered significant discussion was the myriad of data breach notification laws across the county and the burden this places on businesses in developing comprehensive data breach notification procedures that are compliant across states.  Notwithstanding this burden, the vast majority of state attorneys general, Republican and Democrat, oppose a national data breach notification law that would preempt the various state notification laws.

When a breach occurs, the attorneys general noted, their first course of action would entail a review of the existing data security measures undertaken by a company.  Ensuring that the data security measures are up to date with best practices would go a long way in alleviating concerns that the company was negligent in its security measures and more likely to experience a successful breach.  Often, the difference between the breach being viewed as an isolated incident, as opposed to being a reason to open a broader data security investigation, rests upon the actions taken prior to the breach occurring and the length of time it took to discover the breach.

The attorneys general also discussed the different approaches they take in dealing with a company that has suffered a breach.
Continue Reading State Attorneys General Offer Perspectives on Data Breaches