States are stepping in to fill the enforcement gaps left by federal agencies, which have limited authority to address foreign data threats.
Several states have sued at least half a dozen companies in the past two years, citing exposure of Americans’ data to China. Their approach has been broad, targeting companies beyond those considered likely targets for the DOJ and FTC, like data brokers and firms handling genomic data.
Erin Prest, a former Privacy & Civil Liberties Officer and Deputy General Counsel at the Federal Bureau of Investigation, told Bloomberg Law that the litigation shows states are “finding ways to make it work with what they have.” She said, “It’s probably not as clean and not as easy as if it were coming at the federal level, but they’re still taking steps to try to protect their consumers.”