On July 7, 2015, forty-seven state and territorial attorneys general sent a letter to Congress requesting that any national law on data breach notification and data security not include a preemption provision and instead preserve their roles in protecting consumers against data breaches and identity theft. The letter cites the importance of state-level legislation and enforcement in combating injuries to consumers involving privacy violations and identity theft. The letter notes that data breaches are too numerous "for any one agency to respond effectively to all of them," and that certain data breaches may be too small for priority at the federal level, but could have significant regional impacts. The letter is available here