Skip to content
National Association of Attorneys General
  • Issues
    • Issues
      • Anticorruption
      • Antitrust
      • Bankruptcy
      • Charities
      • Civil Law
    • Issues
      • Consumer Protection
      • Criminal Law
      • Cyber and Technology
      • Disaster Preparedness & Response
      • Elder Justice
    • Issues
      • Ethics
      • Human Trafficking
      • Medicaid Fraud
      • Opioids
      • Powers & Duties
    • Issues
      • Public Health
      • The U.S. Supreme Court
      • Tobacco
      • Veterans & Military
  • Our Work
    • Training & Research
    • Centers
      • NAAG Center on Cyber and Technology
      • NAAG Center for Excellence in Governance
      • NAAG Center for Supreme Court Advocacy
      • NAAG Center for Tobacco & Public Health
      • NAGTRI Center for Consumer Protection
      • NAGTRI Center for Ethics & Public Integrity
      • NAGTRI Center for International Partnerships & Strategic Collaboration
      • NAGTRI Center for Leadership Development
      • NAGTRI Center for Legal Advocacy & Faculty Development
    • Committees
    • Initiatives
      • Presidential Initiative
      • Strategic Partnerships
      • ConsumerResources.org
      • International Fellows
      • COVID-19
    • Bankruptcy
    • Policy & Advocacy
  • Events & Training
    • Event Calendar
    • Attorney General Symposium
    • Presidential Summit
    • Capital Forum
    • Region Meetings
    • CLE Credit
    • NAGTRI Trainings
    • Online Learning
    • NAGTRI Faculty
    • Video Library
  • News & Resources
    • Attorney General Journal
    • Reports & Publications
    • Newsroom
    • NAAG Policy Letters
    • Podcasts
    • Online Learning
    • Research & Data
    • Member Directory
  • Attorneys General
    • What Attorneys General Do
    • Who is my Attorney General?
    • Research & Data
    • Awards & Recognition
    • Careers in Attorney General Offices
  • About NAAG
    • NAAG Staff
    • NAGTRI
    • NAAG Leadership
    • NAAG Member Services
    • NAAG Regions
    • NAAG FAQs
    • SAGE
    • NAMFCU
    • Newsroom
    • Careers at NAAG
  • Find my AG
  • NAGTRI
  • Contact Us
National Association of Attorneys General
  • Find My AG
  • NAGTRI
  • Member Benefits
  • Consumer Complaints
  • Contact Us
Log In
  • Issues
    • Issues
      • Anticorruption
      • Antitrust
      • Bankruptcy
      • Charities
      • Civil Law
    • Issues
      • Consumer Protection
      • Criminal Law
      • Cyber and Technology
      • Disaster Preparedness & Response
      • Elder Justice
    • Issues
      • Ethics
      • Human Trafficking
      • Medicaid Fraud
      • Opioids
      • Powers & Duties
    • Issues
      • Public Health
      • The U.S. Supreme Court
      • Tobacco
      • Veterans & Military
  • Our Work
    • Training & Research
    • Centers
      • NAAG Center on Cyber and Technology
      • NAAG Center for Excellence in Governance
      • NAAG Center for Supreme Court Advocacy
      • NAAG Center for Tobacco & Public Health
      • NAGTRI Center for Consumer Protection
      • NAGTRI Center for Ethics & Public Integrity
      • NAGTRI Center for International Partnerships & Strategic Collaboration
      • NAGTRI Center for Leadership Development
      • NAGTRI Center for Legal Advocacy & Faculty Development
    • Committees
    • Initiatives
      • Presidential Initiative
      • Strategic Partnerships
      • ConsumerResources.org
      • International Fellows
      • COVID-19
    • Bankruptcy
    • Policy & Advocacy
  • Events & Training
    • Event Calendar
    • Attorney General Symposium
    • Presidential Summit
    • Capital Forum
    • Region Meetings
    • CLE Credit
    • NAGTRI Trainings
    • Online Learning
    • NAGTRI Faculty
    • Video Library
  • News & Resources
    • Attorney General Journal
    • Reports & Publications
    • Newsroom
    • NAAG Policy Letters
    • Podcasts
    • Online Learning
    • Research & Data
    • Member Directory
  • Attorneys General
    • What Attorneys General Do
    • Who is my Attorney General?
    • Research & Data
    • Awards & Recognition
    • Careers in Attorney General Offices
  • About NAAG
    • NAAG Staff
    • NAGTRI
    • NAAG Leadership
    • NAAG Member Services
    • NAAG Regions
    • NAAG FAQs
    • SAGE
    • NAMFCU
    • Newsroom
    • Careers at NAAG
  • Find my AG
  • NAGTRI
  • Contact Us

Data Breaches

Home / Issues / Consumer Protection / Consumer Protection 101 / Privacy / Data Breaches

A data breach can be defined as the unlawful and unauthorized acquisition of personal information that compromises the security, confidentiality, or integrity of personal information. What is considered personal information depends on state law but typically includes an individual’s first name (or initial) and last name plus one or more of the following:

  • Social Security Number 
  • Driver’s license number or state-issued ID card number 
  • Account number, credit or debit card number, combined with any security code, access code, PIN or password needed to access an account 

Additional categories may include:

  • Medical history or health information 
  • Biometric information 
  • Email address and password 
  • Tax ID number 

All 50 states, the District of Columbia, Guam, Puerto Rico, and the U.S. Virgin Islands have established data breach laws to protect consumers. These laws generally require organizations to notify individuals in the case of a data breach involving certain personal identifying information. In addition, the following topics are also addressed in many data breach notification laws:

  • Notice to the Attorney General: Some states require a notice be sent to the state attorney general or a state agency informing them of a breach. 
  • Time-Sensitive Notification: States have differing requirements on when and how notifications must be sent out to individuals.   
  • Risk of Harm Analysis: Some states allow for exceptions to their notification requirements upon an assessment of the risk of harm to the affected individuals. 
  • Encryption Safe Harbor: States have different laws affecting the definition of a breach and the notification requirements based on whether the data was encrypted.  
  • Paper or Electronic: States also differ as to whether their laws affect only electronic materials, paper materials, or both. 

When determining whether to pursue a data breach matter, attorneys general may consider several criteria:

  • Violation of statute 
  • Severity and scope 
  • Remedies available 
  • Legal value of the case 
  • Resources 

The severity and scope of a data breach is an important component attorneys general must consider when pursuing a data breach case. Additional factors include: 

  • Data sensitivity  
  • Number and type of consumers affected 
  • Impact on consumers 
  • Is the harm ongoing? 
  • Can the compromised information be modified to the detriment of the consumer? 
  • How culpable is the entity for the breach? 
  • Liability for vendors or third-parties 

Following a successful action against a company in violation of data breach laws, attorneys general may pursue different remedies: 

  • Injunctions: Companies may be required to take steps to protect consumer data, or update their systems and/or corporate governance.  
  • Civil penalties: Most state consumer protection laws list penalties for each violation.  
  • Consumer restitution: This could include free credit monitoring or freezes.  
  • Attorneys fees/costs. 

Data Breach Multistate Settlements and Investigations 

Attorneys general frequently work together on data breach matters and have successfully negotiated multistate settlements on behalf of consumers, resulting in significant civil penalties and added protections. Recent multistate settlements include: 

  • Uber Technologies, Inc. 
  • Lenovo 
  • Nationwide Mutual Insurance Company & Allied Property & Casualty Insurance Company 
  • Target 
  • Google Safari and Google Streetview 

Latest News

  • Supreme Court Report: Great Lakes Insurance SE v. Raiders Retreat Realty Co., 22-500 March 13, 2023
  • Supreme Court Report: Pulsifer v. United States, 22-340 March 13, 2023
  • Supreme Court Report: Consumer Financial Protection Bureau v. Community Financial Services Ass’n of America, Ltd., 22-448 March 13, 2023
  • Supreme Court Report: Helix Energy Solutions Group, Inc. v. Hewitt, 21-984 March 13, 2023
  • Supreme Court Report: Bittner v. United States, 21-1195 March 13, 2023

Recent Posts

  • Supreme Court Report: Great Lakes Insurance SE v. Raiders Retreat Realty Co., 22-500
  • Supreme Court Report: Pulsifer v. United States, 22-340
  • Supreme Court Report: Consumer Financial Protection Bureau v. Community Financial Services Ass’n of America, Ltd., 22-448
  • Supreme Court Report: Helix Energy Solutions Group, Inc. v. Hewitt, 21-984
  • Supreme Court Report: Bittner v. United States, 21-1195

Connect with NAAG and the Attorney General Community

Create a NAAG account to subscribe to our newsletters or mailing lists.

Create Account
Subscribe
Marble columns and the top of a federal building

scroll to filters

White Logo for the National Association of Attorneys General

1850 M Street NW
12th floor
Washington, DC 20036

TEL 202-326-6000
EMAIL 

Youtube
  • Issues
    • Issues
      • Anticorruption
      • Antitrust
      • Bankruptcy
      • Charities
      • Civil Law
    • Issues
      • Consumer Protection
      • Criminal Law
      • Cyber and Technology
      • Disaster Preparedness & Response
      • Elder Justice
    • Issues
      • Ethics
      • Human Trafficking
      • Medicaid Fraud
      • Opioids
      • Powers & Duties
    • Issues
      • Public Health
      • The U.S. Supreme Court
      • Tobacco
      • Veterans & Military
  • Our Work
    • Training & Research
    • Centers
      • NAAG Center on Cyber and Technology
      • NAAG Center for Excellence in Governance
      • NAAG Center for Supreme Court Advocacy
      • NAAG Center for Tobacco & Public Health
      • NAGTRI Center for Consumer Protection
      • NAGTRI Center for Ethics & Public Integrity
      • NAGTRI Center for International Partnerships & Strategic Collaboration
      • NAGTRI Center for Leadership Development
      • NAGTRI Center for Legal Advocacy & Faculty Development
    • Committees
    • Initiatives
      • Presidential Initiative
      • Strategic Partnerships
      • ConsumerResources.org
      • International Fellows
      • COVID-19
    • Bankruptcy
    • Policy & Advocacy
  • Events & Training
    • Event Calendar
    • Attorney General Symposium
    • Presidential Summit
    • Capital Forum
    • Region Meetings
    • CLE Credit
    • NAGTRI Trainings
    • Online Learning
    • NAGTRI Faculty
    • Video Library
  • News & Resources
    • Attorney General Journal
    • Reports & Publications
    • Newsroom
    • NAAG Policy Letters
    • Podcasts
    • Online Learning
    • Research & Data
    • Member Directory
  • Attorneys General
    • What Attorneys General Do
    • Who is my Attorney General?
    • Research & Data
    • Awards & Recognition
    • Careers in Attorney General Offices
  • About NAAG
    • NAAG Staff
    • NAGTRI
    • NAAG Leadership
    • NAAG Member Services
    • NAAG Regions
    • NAAG FAQs
    • SAGE
    • NAMFCU
    • Newsroom
    • Careers at NAAG
  • Find my AG
  • NAGTRI
  • Contact Us
  • Find My AG
  • NAGTRI
  • Member Benefits
  • Consumer Complaints
  • Contact Us
  • Accessibility Statement
  • Privacy & Cookies Notice
  • Sitemap
  • Member Login

About the National Association of Attorneys General

As the nonpartisan national forum for America's state and territory attorneys general and their staff, NAAG provides collaboration, insight, and expertise to empower and champion America's attorneys general.
Learn More

© 2023 Copyright National Association of Attorneys General

Website by Yoko Co

Internal Feedback / Report an Error

Request an Update / Report an Error

The change you are requesting will be linked to this page. The URL for the page will be included in a hidden field when the form is submitted.
Please enter your change or describe your request. Be sure to reference where the error appears on the page and what needs to be done specifically.
Upload any files that need to be linked to this page. PDF only. Submit another request if you have more than five files to upload.
Drop files here or
Accepted file types: pdf, Max. file size: 50 MB, Max. files: 5.

    Who is requesting this change?(Required)

    Scroll To Top

    Insert/edit link

    Enter the destination URL

    Or link to existing content

      No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.