Last week we summarized the four must-know things regarding the New York Attorney General’s new data security proposal. Commentary still surrounds the proposal and has wide appeal. Christopher Avery offered the following insights to Law 360: "The 47 state breach notification laws are reactive…But the New York proposal, instead of being reactive, is focusing on what are the things that companies can be doing in advance to eliminate the breaches that result in those notifications.” "It would probably make the most sense for Congress to start by enacting a straightforward and sound national data breach notification law and then potentially come back and re-evaluate how effective that is and what data security standards are needed moving forward.”