“Aloha” Means Cybersecurity, Consumer Multistates, and Swimming with Turtles at Conference of Western Attorneys General

Attorneys General, meeting at the Conference of Western Attorneys General (“CWAG”) on Maui recently, tackled as usual a range of issues from the Rule of Law, an ongoing and important initiative with Mexican police, prosecutors and businesses, to EPA regulatory actions. Through daily multiple panels and Q & A, AGs of several terms’ experience and some still within their first six months of service rubbed shoulders with federal regulators from the FTC as well as the Chief Information Security Officer from Comcast and the General Counsel from LexisNexis.

With some focus on more traditional criminal law enforcement, e.g. how to try a murder case with no body, many of the sessions also addressed cyber issues and consumer enforcement. An update on different state data breach notice laws, noting an uptick on date breaches themselves, and a look at new chip technology in credit cards and payment technologies was a good reminder that AGs are very active in the digital and cyber space and will continue to be.

One presenter from the ID Security Alliance noted that for states, moving to chip and PIN technology, not just chip and signature, would not only provide better security for retailers and consumers but also provide a key tool to permit less fraud and significant savings with SNAP and EBT cards, making sure those entitled get benefits while fraudsters do not.

A lively panel with AG representation and lawyers (some, recent AG staff now in private practice; others with many years of experience with matters before AGOs) discussed the best ways to assist clients to not play ostrich while at the same time not waiving red flags before bullish regulators. Most AGS agreed that a meeting early on can often resolve issues even before a document request or extensive discovery, and that at a minimum a business request to narrow discovery and/or proceed in stages is worth the ask. Pet peeve of businesses? An experienced, focused consumer assistant AG, perhaps not always in direct contact with the AG or first deputy, who may dig in for the long haul or won’t communicate to the subject even if inquiry is winding down or done. Those experienced in representing clients in AG matters found they sometimes did have to go “over the head” of the line assistant and some AGs acknowledged that this practice was not necessarily discouraged. Memo to new AGs: good idea to have a policy and protocol for communication and approval of consumer related investigations to avoid mission creep and keep you advised of what staff is up to.

Note from one panelist:

With new disruptive technologies and business models emerging, AGs should remember that one size does not fit all whether looking at industry-wide issues or just a perceived bad actor. Consumer protection under Unfair and Deceptive Acts or Practices authority needs to keep up with emergent business trends as well as consumer needs. It’s not always as predictable as swimming with turtles in Lahaina Bay.

Leave a Reply

Your email address will not be published. Required fields are marked *