Speaking at the US Federal Trade Commission, as a precursor to his recent State of the Union address, US President Barack Obama announced plans for the introduction of a suite of legislative changes to deal with cyber threats while safeguarding privacy and civil liberties.
The primary proposals, which are summarised briefly below, flow from a number of recent work streams including the blueprint for consumer privacy launched in 2012, the BuySecure initiative launched last year and the findings of a working group established to examine the issues related to big data and privacy in public services and the commercial sector.
Proposed Personal Data Notification and Protection Act
The central focus of this proposal is to increase the obligations businesses are under to notify customers when their personal information has been exposed, including establishing a mandatory 30-day notification requirement from the discovery of a breach.
Proposed Student Digital Privacy Act
This branch of the legislative framework will be aimed at ensuring that data collected in the educational context is used for educational purposes only. The proposals, which are modelled on an existing Californian statute, would prevent companies from selling student data to third parties for any purpose unrelated to the educational mission and from engaging in targeted advertising to students based on data collected in schools.
Proposed Consumer Privacy Bill of Rights
Perhaps the most interesting and far-reaching of the proposals, the Consumer Privacy Bill of Rights will be aimed at codifying and advancing data protection regulation in the US by applying the globally recognised Fair Information Practice Principles. During his speech, President Obama described the objective as being to “create a single, strong national standard so Americans know when their information has been stolen or misused” and he confirmed that a legislative proposal was expected to be delivered by mid-March 2015.