On Monday, President Obama will propose the first-ever national data breach notification law, requiring firms to notify customers within 30 days of an incident when their personal information is inadvertently exposed.
The legislative proposal is one of several cybersecurity efforts pushed by the White House to be addressed in the President’s State of the Union speech next week.
According to The New York Times, a White House briefing document stated:
“As cybersecurity threats and identity theft continue to rise, recent polls show that nine in 10 Americans feel they have in some way lost control of their personal information – and that can lead to less interaction with technology, less innovation and a less productive economy.”
If enacted, the Personal Data Notification and Protection Act would override the distinct laws currently in place across 47 states.
“Although many states already have laws in place regarding breach notification, with federal legislation, it will remove any doubt with regards to the notification periods,” said Tripwire security analyst Ken Westin.
Particularly given the number of high-profile breaches over the past year, many companies are reluctant to notify consumers when credit card and other data are compromised, simply because of the effect it can have on the business: loss of trust, lawsuits, fines and fees, and other related expenses to clean up the mess after a breach occurs.
“It will be interesting to see how the government will enforce [this new rule], and if it will have any effect on companies seeking assistance from law enforcement when there is a breach,” added Westin.
Additionally, President Obama intends to enact the Consumer Privacy Bill of Rights, which aims to ensure Americans’ confidential information is kept securely in the hands of financial services companies.
Furthermore, a new Student Digital Privacy Act would prohibit technology companies from profiting from students’ personal information.