Chapter 7: State Data Breach Notification, Data Security, and Data Destruction Laws

The Absence of a Federal Breach Law

Calls for a uniform federal breach law go back to 2003, but no comprehensive federal data breach notification law has been enacted. The deadlock turns on preemption: businesses want fewer requirements plus preemption of stricter state laws, while privacy advocates want federal law matched to the strictest states.

National discussions began in 2003 when Senator Dianne Feinstein of California introduced the first federal breach notification bill. Many comprehensive federal bills have since been considered, but none has passed.

The preemption fault line

Privacy advocates want federal law set to the strictest state standards. Businesses want fewer requirements plus preemption of stricter state laws. This disagreement is why consensus has been hard to reach.

Key terms - quick answers

What is “Federal preemption”?

The displacement of state law by federal law; a contested issue in proposed federal breach legislation, where businesses favor preempting stricter state laws.

← State Breach, Security, and Destruction Laws: The Landscape Common Structure of State Breach Laws →