AG Enforcement Trending to New Technology, Says Lawyer

“There's certainly been a trend year over year of state regulators moving beyond personal information, name, social security number, date of birth, driver's license number that we're all used to seeing for the past 20 years,” said Clark. “They're really starting to move beyond that and looking at implementing frameworks where they're seeking to safeguard the functioning of our digital economy.”

“One example of this in the brain tech space is California and Colorado,” she said. "They're looking at ways to protect neural data, ways to classify it as sensitive data, and what to do if that data is misused.”

Wearable technology is also at the center of attention, depending on what data it captures, how it's captured and how it's stored, Clark said. “Players in a video game using immersive technology would imagine certain things are being captured for the game to work correctly, but what if that data is being used for other purposes that would not be anticipated?” she said. “There are other wearable technologies that don't rely on neural or non-neural data … things like your heart monitor that might be capturing certain information. What should be done with that? What are the consumers' expectations, and how is that classified?”

Clark cited a shift in remediation when there is a data breach or security risk. “There's ... always been a lot of focus on the dollar value of any fine issued to an organization,” she said. “What we're seeing again is that AGs are moving beyond just the dollar value and looking at these corrective action plans, because they're really looking to have higher standards across the board to prevent attacks and to respond appropriately.” This can be things like requiring risk assessments or third-party monitoring, she said.