The offices of state attorneys general (AGs) have assumed active roles in data breach and privacy enforcement. They worked together in 2020 and 2021 on several multistate settlements and have obtained greater authority over routine cybersecurity, with at least 25 states now mandating reasonable security efforts. Privacy and security leaders from six state AGs recently discussed their views about the thousands of breach notifications they field each year and suggested how fund managers and other companies can best navigate the enforcement process. Speaking at International Association of Privacy Professionals and Practising Law Institute events, the regulators also described their approaches to investigations, their top enforcement concerns and recent changes in their regulatory powers and resources. This article also includes commentary from state AG practice specialists at Cozen O’Connor. See “What Fund Managers Can Learn About Cyber-Breach Disclosure From Yahoo’s $35‑Million SEC Settlement” (May 10, 2018).