With recent high profile cyber‐attacks against Sony and other companies, data hacking has quickly risen to forefront of issues on the President’s agenda. That’s why, as widely anticipated, the President took the opportunity during his recent 2015 State of the Union address to urge Congress to enact additional cyber security protections, including legislation that would introduce data breach notification laws requiring companies to notify affected consumers within 30 days of an attack.
As the President cautioned during his State of the Union address, “[n]o foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber‐attacks, combat identity theft, and protect our children’s information.”
Privacy advocates, like the Electronic Frontier Foundation, have cautioned that any new legislation threatens to undermine consumer privacy. In addition, watered down federal legislation could unwittingly weaken existing laws in some states like California if it preempts state laws that are more restrictive than any federal law eventually enacted. For now, companies and consumer advocates should continue to monitor what action, if any, may be taken at the federal level. At this point, it is not clear that this Congress will pass such legislation given the current political climate.