Obama to Unify Breach Reporting Patchwork with Federal Law

President Obama is today expected to call for new laws to unify data breach notification requirements across the country, safeguard student data and help individuals spot identity theft more quickly.

The announcements will form part of a week-long focus on cybersecurity ahead of the president’s State of the Union address next week and are expected to receive broad support from both parties, according to White House documents seen by the New York Times.

The Personal Data Notification and Protection Act will aim to standardize notification requirements so that all companies must inform their customers within 30 days if there’s been a major data breach.

A Student Data Privacy Act, meanwhile, will protect student data from being used by technology companies for profit.

Obama is apparently also set to announce new measures agreed to by industry to better protect home energy data and to enable quicker and easier access to credit scores as a means of spotting identity theft.

“As cybersecurity threats and identity theft continue to rise, recent polls show that nine in 10 Americans feel they have in some way lost control of their personal information — and that can lead to less interaction with technology, less innovation and a less productive economy,” a briefing document seen by the NYT said.

Ken Westin, senior security analyst at Tripwire, welcomed the news.

“Although many states already have laws in place regarding breach notification, with federal legislation it will remove any doubt with regards to the notification periods,” he argued.

“Particularly with the number of high profile breaches over the past year, many companies are reticent to notify consumers when credit card and other data are compromised, simply because of the effect it can have on the business, from loss of trust, lawsuits, fines and fees and other related expenses to clean up the mess after a breach occurs.”
