Cadwalader allows sharing content.
Email to a friend or colleague:
In the wake of last month’s historic cyber breach of Equifax, which resulted in the theft of sensitive personal information belonging to over 140 million Americans, states have wasted no time in seeking a greater role in regulating cybersecurity risk. Historically, while state consumer agencies and attorneys general have enforced notification requirements for victims of cyberattacks where consumer data was compromised, significant enforcement actions have been the purview of federal agencies such as the Federal Trade Commission, the U.S. Department of Justice, the Securities and Exchange Commission, and the Commodity Futures Trading Commission. However, given the scope of recent breaches and the sensitivity of the information that was stolen, states have recently stepped up and launched their own investigations and enforcement actions, and have imposed new data protection standards on various types of businesses