The offices of state attorneys general have an active and growing role in data breach and privacy enforcement. They worked together in 2020 and 2021 on several large multistate settlements and have obtained greater authority over routine cybersecurity – at least 25 states now mandate reasonable security efforts. Speaking at International Association of Privacy Professionals and Practising Law Institute events, leaders from six state AG offices discussed their approaches to breach notifications, top enforcement concerns and tips for companies to best navigate the process. This article also includes commentary from state AG practice specialists at Cozen O’Connor. See “Steps to Protect Privilege for Data Breach Forensic Reports” (Jan. 27, 2021).