President Barack Obama unveiled new data protection and cybersecurity legislative proposals Monday, including a nationwide data breach notification standard — an issue that’s already received a significant amount of congressional attention.
Most of Obama’s proposals would involve increasing consumers’ ability to control how companies can use, distribute and sell their data. The president said he’s looking to establish privacy rights that would allow customers to forbid companies from collecting data for one purpose, then using it for another. Industry groups are cheering President Obama’s call on Monday for a national data breach bill. The companies would prefer to follow a single national standard rather than the current patchwork of state laws.
The three legs of the proposal include:
- Enabling Public-Private Sector Information Sharing: Obama’s plan encourages the private sector to share cyber threat information with DHS, which would then share it in as close to real time as practicable with relevant federal agencies and with private sector-developed and operated Information Sharing and Analysis Organizations (ISAOs). Participating companies would qualify for targeted liability protection but would have to comply with certain privacy restrictions.
- Modernizing Law Enforcement Authorities to Combat Cyber Crime: The Administration’s proposal contains provisions that would allow for prosecution of the sale of botnets, criminalize the overseas sale of stolen U.S. financial information, expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity.
- Creating a National Standard For Data Breach Notification: The Administration’s updated proposal puts forward one federal statute, and puts in place a single clear and timely notice requirement to ensure that companies notify their employees and customers about security breaches.