On January 12, 2015, President Obama announced a new cyber security initiative during a Federal Trade Commission event. The purpose of the proposed legislation is to build upon the President's prior efforts to protect Americans from cyber threats, while safeguarding personal information and civil liberties. There is a growing perception that individuals have lost control of their personal information; a negative implication of such a view is it may serve as an inhibitor of the use of technology, stymie innovation, and contribute to a less productive economy.
The President's announcement included four key parts:
1) National Standards for Banks and Retailers to Respond to a Data Breach –The Personal Data Notification & Protection Act, a key component to the initiative, will establish a national standard applicable to banks and retailers clearly outlining the notification responsibilities of companies responding to a data breach. Currently, data breach notification requirements are set by the states. The proposed legislation will provide for a 30-day requirement to notify consumers that their personal information has been exposed. The 30-day notification period will be triggered by the day of a breach. The purpose of setting a national standard is to help companies be more proactive when it comes to protecting consumer information by providing certainty through a single, national standard.
2) Free Credit Scores for Consumers – By providing free access to one's credit report, individuals will be able to regularly check for fraudulent transactions and monitor their credit health. Several leading financial institutions have already agreed to participate in the President's program.
3) Consumer Privacy Bill of Rights – This legislation would give individuals the right to determine what personal information may be collected and how it is used. In addition, an individual will have the right to have their personal information stored securely.
4) Student Digital Privacy Act – This Act has two central parts. The first will be to ensure that data collected in the educational context is used only for educational purposes. The second aspect of the legislation will be to prevent the sale of student data to third parties for purposes unrelated to the educational mission and prevent companies from engaging in targeted advertising to students.
It is anticipated that the new legislation, with additional components building upon steps previously taken by the President, will be introduced this week.
To sign-up for future alerts regarding data breach and cybersecurity issues, click here.