Skip to content
National Association of Attorneys General
  • Issues
    • Issues
      • Anticorruption
      • Antitrust
      • Bankruptcy
      • Charities
      • Civil Law
    • Issues
      • Consumer Protection
      • Criminal Law
      • Cyber and Technology
      • Disaster Preparedness & Response
      • Elder Justice
    • Issues
      • Ethics
      • Human Trafficking
      • Medicaid Fraud
      • Powers & Duties
    • Issues
      • Public Health
      • The U.S. Supreme Court
      • Tobacco
      • Veterans & Military
  • Our Work
    • Training & Research
    • Centers
      • NAAG Center for Excellence in Governance
      • NAAG Center for Supreme Court Advocacy
      • NAAG Center for Tobacco & Public Health
      • NAGTRI Center for Consumer Protection
      • NAGTRI Center for Ethics & Public Integrity
      • NAGTRI Center for International Partnerships & Strategic Collaboration
      • NAGTRI Center for Leadership Development
      • NAGTRI Center for Legal Advocacy & Faculty Development
    • Committees
    • Initiatives
      • Presidential Initiative
      • Strategic Partnerships
      • Consumer Resources.org
      • International Fellows
      • COVID-19
    • Bankruptcy
    • Policy & Advocacy
  • Events & Training
    • Event Calendar
    • Attorney General Symposium
    • Presidential Summit
    • Capital Forum
    • Region Meetings
    • NAGTRI Trainings
    • Online Learning
    • NAGTRI Faculty
    • Video Library
  • News & Resources
    • Attorney General Journal
    • Reports & Publications
    • Newsroom
    • NAAG Policy Letters
    • Podcasts
    • Online Learning
    • Research & Data
    • Member Directory
  • Attorneys General
    • What Attorneys General Do
    • AGs in the News
    • Who is my Attorney General?
    • Research & Data
    • Awards & Recognition
    • Careers in Attorney General Offices
  • About NAAG
    • NAAG Staff
    • NAGTRI
    • NAAG Leadership
    • NAAG Member Services
    • NAAG Regions
    • NAAG FAQs
    • SAGE
    • NAMFCU
    • Newsroom
    • Careers at NAAG
  • Find my AG
  • NAGTRI
  • Contact Us
  • Log In
National Association of Attorneys General
  • Find My AG
  • NAGTRI
  • Contact Us
Log In
  • Issues
    • Issues
      • Anticorruption
      • Antitrust
      • Bankruptcy
      • Charities
      • Civil Law
    • Issues
      • Consumer Protection
      • Criminal Law
      • Cyber and Technology
      • Disaster Preparedness & Response
      • Elder Justice
    • Issues
      • Ethics
      • Human Trafficking
      • Medicaid Fraud
      • Powers & Duties
    • Issues
      • Public Health
      • The U.S. Supreme Court
      • Tobacco
      • Veterans & Military
  • Our Work
    • Training & Research
    • Centers
      • NAAG Center for Excellence in Governance
      • NAAG Center for Supreme Court Advocacy
      • NAAG Center for Tobacco & Public Health
      • NAGTRI Center for Consumer Protection
      • NAGTRI Center for Ethics & Public Integrity
      • NAGTRI Center for International Partnerships & Strategic Collaboration
      • NAGTRI Center for Leadership Development
      • NAGTRI Center for Legal Advocacy & Faculty Development
    • Committees
    • Initiatives
      • Presidential Initiative
      • Strategic Partnerships
      • Consumer Resources.org
      • International Fellows
      • COVID-19
    • Bankruptcy
    • Policy & Advocacy
  • Events & Training
    • Event Calendar
    • Attorney General Symposium
    • Presidential Summit
    • Capital Forum
    • Region Meetings
    • NAGTRI Trainings
    • Online Learning
    • NAGTRI Faculty
    • Video Library
  • News & Resources
    • Attorney General Journal
    • Reports & Publications
    • Newsroom
    • NAAG Policy Letters
    • Podcasts
    • Online Learning
    • Research & Data
    • Member Directory
  • Attorneys General
    • What Attorneys General Do
    • AGs in the News
    • Who is my Attorney General?
    • Research & Data
    • Awards & Recognition
    • Careers in Attorney General Offices
  • About NAAG
    • NAAG Staff
    • NAGTRI
    • NAAG Leadership
    • NAAG Member Services
    • NAAG Regions
    • NAAG FAQs
    • SAGE
    • NAMFCU
    • Newsroom
    • Careers at NAAG
  • Find my AG
  • NAGTRI
  • Contact Us
  • Log In

Data Breaches

Home / Issues / Consumer Protection / Consumer Protection 101 / Privacy / Data Breaches

A data breach can be defined as the unlawful and unauthorized acquisition of personal information that compromises the security, confidentiality, or integrity of personal information. What is considered personal information depends on state law but typically includes an individual’s first name (or initial) and last name plus one or more of the following:

  • Social Security Number 
  • Driver’s license number or state-issued ID card number 
  • Account number, credit or debit card number, combined with any security code, access code, PIN or password needed to access an account 

Additional categories may include:

  • Medical history or health information 
  • Biometric information 
  • Email address and password 
  • Tax ID number 

All 50 states, the District of Columbia, Guam, Puerto Rico, and the U.S. Virgin Islands have established data breach laws to protect consumers. These laws generally require organizations to notify individuals in the case of a data breach involving certain personal identifying information. In addition, the following topics are also addressed in many data breach notification laws:

  • Notice to the Attorney General: Some states require a notice be sent to the state attorney general or a state agency informing them of a breach. 
  • Time-Sensitive Notification: States have differing requirements on when and how notifications must be sent out to individuals.   
  • Risk of Harm Analysis: Some states allow for exceptions to their notification requirements upon an assessment of the risk of harm to the affected individuals. 
  • Encryption Safe Harbor: States have different laws affecting the definition of a breach and the notification requirements based on whether the data was encrypted.  
  • Paper or Electronic: States also differ as to whether their laws affect only electronic materials, paper materials, or both. 

When determining whether to pursue a data breach matter, attorneys general may consider several criteria:

  • Violation of statute 
  • Severity and scope 
  • Remedies available 
  • Legal value of the case 
  • Resources 

The severity and scope of a data breach is an important component attorneys general must consider when pursuing a data breach case. Additional factors include: 

  • Data sensitivity  
  • Number and type of consumers affected 
  • Impact on consumers 
  • Is the harm ongoing? 
  • Can the compromised information be modified to the detriment of the consumer? 
  • How culpable is the entity for the breach? 
  • Liability for vendors or third-parties 

Following a successful action against a company in violation of data breach laws, attorneys general may pursue different remedies: 

  • Injunctions: Companies may be required to take steps to protect consumer data, or update their systems and/or corporate governance.  
  • Civil penalties: Most state consumer protection laws list penalties for each violation.  
  • Consumer restitution: This could include free credit monitoring or freezes.  
  • Attorneys fees/costs. 

Data Breach Multistate Settlements and Investigations 

Attorneys general frequently work together on data breach matters and have successfully negotiated multistate settlements on behalf of consumers, resulting in significant civil penalties and added protections. Recent multistate settlements include: 

  • Uber Technologies, Inc. 
  • Lenovo 
  • Nationwide Mutual Insurance Company & Allied Property & Casualty Insurance Company 
  • Target 
  • Google Safari and Google Streetview 

Latest News

  • States’ Tobacco Master Settlement Agreement Helps Implement CDC Strategies to Reduce Tobacco Use January 14, 2021
  • National Association of Attorneys General Condemns Attack on U.S. Capitol January 13, 2021
  • Challenge to the FTC’s Disgorgement Authority to be Heard by Supreme Court January 12, 2021
  • Attorneys General Push FDA to Examine Progress in Opioid Fight January 11, 2021
  • “Admitted to Practice,” “Practicing Lawyer,” “Active Practice”—What Attorney General Qualifications Mean January 7, 2021

Connect with NAAG and the Attorney General Community

Create a NAAG account to subscribe to our newsletters or mailing lists.

Create Account
Subscribe
Marble columns and the top of a federal building
White Logo for the National Association of Attorneys General

1850 M Street NW
12th floor
Washington, DC 20036

TEL 202-326-6000
EMAIL support@naag.org

  • Issues
    • Issues
      • Anticorruption
      • Antitrust
      • Bankruptcy
      • Charities
      • Civil Law
    • Issues
      • Consumer Protection
      • Criminal Law
      • Cyber and Technology
      • Disaster Preparedness & Response
      • Elder Justice
    • Issues
      • Ethics
      • Human Trafficking
      • Medicaid Fraud
      • Powers & Duties
    • Issues
      • Public Health
      • The U.S. Supreme Court
      • Tobacco
      • Veterans & Military
  • Our Work
    • Training & Research
    • Centers
      • NAAG Center for Excellence in Governance
      • NAAG Center for Supreme Court Advocacy
      • NAAG Center for Tobacco & Public Health
      • NAGTRI Center for Consumer Protection
      • NAGTRI Center for Ethics & Public Integrity
      • NAGTRI Center for International Partnerships & Strategic Collaboration
      • NAGTRI Center for Leadership Development
      • NAGTRI Center for Legal Advocacy & Faculty Development
    • Committees
    • Initiatives
      • Presidential Initiative
      • Strategic Partnerships
      • Consumer Resources.org
      • International Fellows
      • COVID-19
    • Bankruptcy
    • Policy & Advocacy
  • Events & Training
    • Event Calendar
    • Attorney General Symposium
    • Presidential Summit
    • Capital Forum
    • Region Meetings
    • NAGTRI Trainings
    • Online Learning
    • NAGTRI Faculty
    • Video Library
  • News & Resources
    • Attorney General Journal
    • Reports & Publications
    • Newsroom
    • NAAG Policy Letters
    • Podcasts
    • Online Learning
    • Research & Data
    • Member Directory
  • Attorneys General
    • What Attorneys General Do
    • AGs in the News
    • Who is my Attorney General?
    • Research & Data
    • Awards & Recognition
    • Careers in Attorney General Offices
  • About NAAG
    • NAAG Staff
    • NAGTRI
    • NAAG Leadership
    • NAAG Member Services
    • NAAG Regions
    • NAAG FAQs
    • SAGE
    • NAMFCU
    • Newsroom
    • Careers at NAAG
  • Find my AG
  • NAGTRI
  • Contact Us
  • Log In
  • Find My AG
  • NAGTRI
  • Contact Us
  • Accessibility Statement
  • Privacy & Cookies Notice
  • Sitemap
  • Member Login

About the National Association of Attorneys General

As the nonpartisan national forum for the 56 state and territory attorneys general and their staff, NAAG provides collaboration, insight, and expertise to empower and champion America's attorneys general.
Learn More

© 2021 Copyright National Association of Attorneys General

Website by Yoko Co

Scroll To Top
To provide you more clarity about how we collect, store and use personal information, and your rights to control that information, we have updated our privacy policy, which also explains how we use cookies. You consent to our cookies if you continue to use our website.I Agree