The current patchwork of state and federal privacy regulation and laws, including breach laws, creates compliance challenges for many businesses. While there has been discussion of potential harmonization of state breach laws, which could involve streamlining compliance requirements across the states, regulators appear to be tackling a uniform enforcement buffer first.
During a meeting of the Conference of Western Attorneys General (CWAG) this month, the Utah attorney general announced that he and a working group of his fellow AGs are in the process of creating a cybersecurity safe harbor that would give businesses predictability and certain protections from investigation or enforcement following a data breach. Several safe harbor standards have been proposed, including standards that follow the National Institute of Standards and Technology (NIST) guidelines.
Simultaneously, the group is drafting model legislation to codify the safe harbor protections. A white paper and other proposals will be ready for public review and comment by the end of the year, if not sooner. AGs will be looking for business input on how a safe harbor can provide predictability in exchange for responsible preparation; interested parties will have the opportunity to weigh in.
About our state attorneys general practice
Reed Smith’s state attorneys general practice advises clients on a wide range of legal matters, with a particular focus on legal and policy matters involving state attorneys general. The team has extensive experience counseling corporations through government investigations and litigation, as well as private litigation that may have a state policy component. We regularly represent Fortune 500 companies on high-stakes legal matters involving state AGs, and work with clients in a wide array of industries to anticipate, and, if possible, avoid litigation altogether. With a particular focus interest in privacy and data-loss issues, the team helps clients develop policies and strategies for complying with data privacy laws and implementing industry best practices.
Client Alert 2018-111