This month, Massachusetts Attorney Maura Healey announced the creation of a new data privacy and security division to protect consumers and police businesses’ use of personal data. The division will be headed by Sarah Cable, who has headed the AG’s cybersecurity and data privacy protection efforts since 2016, and won an $18.2 million settlement following the 2017 Equifax data breach.
In California, Democratic VP hopeful founded privacy protection and “eCrime” units while she was AG; the state has since hired dozens of staffers to enforce the CCPA, and in November voters will decide whether to create a standalone agency focused on state-level privacy laws.
In Florida, the AG’s office has established a dedicated privacy and security enforcement team to triage cybersecurity and data-breach cases and identify cases that are harming consumers
Connecticut’sPrivacy and Data Security Department has a focus on joining cross-state inquiries, such as the $148 million settlement following Uber’s 2016 data breach.
Coupled with legislative efforts such as the CCPA and New York’s Shield ACT, such initiatives show a growing awareness and determination from local officials to take data privacy into their own hands. That creates challenges for companies that need to navigate overlapping and frequently changing regulatory landscapes — and makes it all the more important to streamline your internal data handling procedures, so your data-governance teams can focus their energy on developing procedures and guidelines that will ensure compliance and help you avoid regulatory pitfalls in the months and years to come.