About two years ago, on the date that he delivered his State of the Union address, President Obama signed an executive order directing certain federal agencies to develop voluntary standards for achieving cybersecurity. As he prepares for his 2015 State of the Union address, Bloomberg and other news outlets are reporting this morning that President Obama will propose legislation, including the Personal Data Notification & Protection Act, designed to increase protections for personal data. This announcement comes in advance of the President’s visit to the Federal Trade Commission today, and apparently will be a topic during the coming State of the Union address later this month.
According to the reports, the President wants a national standard for data breach notification, one that requires notice to customers within 30 days of discovering the breach. Criminal sanctions also would be enacted for persons engaged in illegal trading of identities, the economic engine behind massive payment card breaches. The President’s proposal also would tighten protections for student data and consumer data pertaining to energy use. The President also will seek to enact into law provisions of the Consumer Privacy Bill of Rights that the White House issued in February 2012.
Over the past 10 or so years, there have been many calls for broad-based data security measures at the federal level, including a national data breach notification standard. Many members of the House and Senate have proposed a number of laws in this area. Those efforts have largely failed. Whether the President’s call for action following a year of massive data breaches will yield a different result remains to be seen, particularly as the Republican Party has a stronger grip on the legislative branch.