Today, President Obama proposed a new piece of legislation that would order all hacked companies to disclose their breach publicly within 30 days of the company learning of it.
The president’s new piece of legislation is being informally referred to as the national data breach notification standard. “Right now, every state has a different law,” Obama said, introducing the Personal Data Notification and Protection Act before the Federal Trade Commission (FTC) in Washington, D.C. “It’s confusing for consumers and companies, and costly to comply with this patchwork of laws.”
The current law that mandates state data breach laws is California’s landmark SB 1386, which was put in place back in 2003, near the time data breaches started to be publicized. According to EFF legislative analyst Mark M. Jaycox, what comes of Obama’s proposed standard must be on par with California’s currently enacted law.
“California’s law is simple and gives a very clear standard for notification,” Jaycox told Threatpost. “If any person’s information is leaked, the company has a reasonably quick time period to inform. It stands out for its clarity and simplicity.”
At the time of this article, three states, Alabama, New Mexico and South Dakota, have no laws regarding data breach disclosures, meaning companies incorporated in those states are not forced to disclose breaches or hack attacks, leaving possibly affected customers at risk if the incident is not properly handled.
In the meeting, Obama said the national legislation would work toward closing current legislative loopholes that hinder law enforcement’s ability to take action against hackers selling Americans’ personal payment card information online overseas. Obama also said he is scheduled to meet with the Department of Homeland Security (DHS) to help put proper security measures in place to help the private sector defend against cyber attacks.
“This is a direct threat to the economy and the security of American families. We’ve got to stop it,” Obama said, referring to the spate of severe hacks that penetrated companies in 2014, including Target, Home Depot and the devastating Sony hack. “If we are going to be connected, we need to be protected. We shouldn’t forfeit our privacy when we’re going online to do our business.”
Alongside his proposed national data breach disclosure standard, Obama also mentioned a pending piece of legislation called the Student Digital Privacy Act, which aims to protect the personal information of schoolchildren who learn in classrooms with modern technology such as computers and tablets. As schools move towards digital textbooks and online classrooms, the proposed legislation aims to stop large corporations from mining and abusing the information of children using digital tools in the classroom.
“We’ve seen instances where companies are collecting student data for commercial purposes for targeted advertising,” Obama said. “Parents have legitimate concerns about those practices. [The legislation] ensures that data collected from students in the classroom is used for education, to teach children, not to market to our children.”
The past two years have been about the countless privacy violations and the barrage of data collection on the people; this year may be aimed at the corporations aiding marketers and others that abuse personal information.