President Obama proposed two new data protection laws Monday, calling cybercrime a "direct threat to the economic security of American families." One of the measures, the Personal Data Notification and Protection Act, would give hacked businesses 30 days to notify customers of a data breach.
The customer-minded bills would enact new requirements for businesses and reduce the amount of effort in finding out if your information has been stolen in a security breach. They also would create a cohesive federal model for state legislators, who have been largely on their own when trying to compel companies to be more transparent.
Cybercrime “is a direct threat to the economic security of American families and we’ve got to stop it,” Obama said in a speech at the Federal Trade Commission in Washington. His policy initiative comes one week before the State of the Union address and after a year in which trusted corporations from Home Depot to JPMorgan Chase and Sony found themselves hacked.
The president also proposed the Student Data Privacy Act, which would prevent companies from profiting from information obtained in an educational setting. The inspiration for the act came from California’s student privacy law, which Obama described as a “landmark law” for protecting children in the digital age.
“Before states had these laws, consumers rarely heard about data breaches,” Pam Greenberg, a privacy and technology researcher at the National Conference of State Legislatures, told International Business Times. “Now, they are notified if their personal information has been compromised, and they can take action to protect themselves from fraud or identity theft by monitoring their records or closing credit card accounts.”
Indeed, experts hope the federal recommendations also will provide state leaders with enough freedom to make their own laws applicable to each state.
“We support the president’s effort to strengthen U.S. privacy laws,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, who warned against impeding individual states with an overly broad law.
“There should be a federal baseline,” he said. “The federal standard should leave room for strong state laws. We also think that Washington has a role to play here, but it’s a baseline role.”
The White House also has convinced a number of major financial institutions – including Bank of America, USAA, Allied Financial and JPMorgan Chase, which was recently hacked by foreign cyber thieves – to make it possible for customers to easily check their credit report, a reliable method of detecting identity theft early.
Meanwhile, 75 companies, Apple and Microsoft among them, have voluntarily agreed to protect privacy for students, teachers and parents as educational technology becomes more popular.
Both the Personal Data Notification and Protection Act and the Student Data Privacy Act have a good chance of becoming law. There would be a single uniform policy for businesses to follow, as opposed to nearly 50 different laws, and many states have passed legislation with support from both sides of the aisle.
“This should not be a partisan issue. It should be something that unites us all as Americans,” Obama said Monday. “It’s one of those new challenges that unites our modern society and crosses the old divides. ... We pioneered the Internet but we also pioneered the Bill of Rights and the sense that each of us as individuals have a sphere of privacy around us that should not be breached.”