Obama calls for US data breach notification law, privacy bill of rights

The White House will push Congress to pass new laws addressing data privacy and ID theft, the president says

U.S. President Barack Obama announces new data privacy initiatives during a speech at the Federal Trade Commission.

U.S. President Barack Obama will push Congress to pass a law requiring companies that are victims of data breaches to notify affected consumers within 30 days and a second law that gives consumers more control over their digital data, he said.

Obama will call for a national data breach notification law and a Consumer Privacy Bill of Rights in ID theft and privacy initiatives in his State of the Union speech Jan. 20, he said Monday at the Federal Trade Commission.

Neither of those proposals is a new one -- the White House first called for a consumer privacy bill of rights in February 2012 and has backed a national breach notification law for years -- but Congress has failed to pass those proposals. With a growing number of data breaches coming to light, it's important for Congress to protect Internet users from a "direct threat" by hackers, Obama said.

"If we're going to be connected, then we need to be protected," Obama said. "As Americans, we shouldn't have to forfeit our basic privacy when we go online to do business."

More than 45 states have their own data breach notification laws, but there's no national standard. A lack of a national standard confuses consumers and raises compliance costs for companies, Obama said. "Sometimes folks don't even find out their credit card information has been stolen until they see charges on their bill, and then it's too late," he said.

The privacy bill of rights would allow consumers to decide what pieces of their personal data are collected by companies and decide how the data is used. The legislation would allow consumers to prohibit companies that collect their data for one purpose from using it for another purpose, Obama said.

Obama will also push Congress to pass a student digital privacy bill that would limit companies that collect data as part of educational services to use it only for educational purposes. The proposal would prohibit companies from selling student data to third parties for non-educational purposes and from using data collected in an educational setting to deliver targeted advertising.

Educational technology is delivering great benefits, but some companies have explored other ways to use the collected data, Obama said. "We want our kids' privacy protected, wherever they sign on or log on, including at school," he added. "We're saying that data collected from students in the classroom should only be used for educational purposes to teach our children, not to market to our children."

Obama noted that 75 educational tech companies have signed a pledge to protect parents, teachers and students from the misuse of personal data. Obama called on other educational tech companies to sign the pledge.

"If you don't join this effort, we intend to make sure those schools and those parents know you haven't joined this effort," he said.

The push to provide consumer and student privacy protections shouldn't be a partisan issue in Washington, D.C., Obama said. The issue "transcends politics and transcends ideology," he said. "Everybody's online, and everybody understands the risks and vulnerabilities, as well as opportunities that are presented by this new world. Business leaders want their privacy and their children's privacy protected just like everybody else does."

Obama is scheduled to announce additional cybersecurity proposals on Tuesday and a broadband expansion plan on Wednesday.

Several groups applauded Obama's ID theft and privacy efforts, including the National Retail Federation, which praised his call for a national data breach notification law. Obama's proposals will "protect consumers while providing much-needed focus on concrete steps that can be taken now in order to protect consumers and businesses alike from cybercriminals," the trade group said in a statement.

But Obama's proposals related to a privacy bill of rights and student privacy may limit legitimate uses of collected data, said Daniel Castro, a senior analyst with the Information Technology and Innovation Foundation, a tech-focused think tank.

The privacy bill of rights "would limit opportunities to use data-driven innovation across a variety of fields," Castro said in a statement.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.
