Target and Sony Pictures attacks: Barack Obama wants '30 days max' for customer data loss reports
The US government will propose new laws to force companies report customer data losses within 30 days of security breach.
US President Barack Obama will outline the new legislation on Monday 12 January, which will seek to improve the way security breaches are reported to consumers by US companies that hold their financial and personal information.
The proposed laws come in the wake of a period of significant and high-profile cyber-security breaches in the US, which started with the massive Target breach at the beginning of 2014 and ended with the hugely damaging attack on Sony Pictures at the end of last year.
Imposing blanket mandatory breach disclosures on companies will be seen as a positive step by privacy advocates and is unlikely to see much in the way of opposition from other parties in the Senate. The Personal Data Notification and Protection Act, if passed by Congress, will replace what is currently a patchwork of state laws that are very difficult for national companies to comply with.
At the speech to the Federal Trade Commission, Obama will outline his vision for an updated data protection policy that is also set to criminalise the sale of stolen data overseas.
The US president is set to continue to focusing on data protection and cyber-security over the next few days ahead of his State of the Union address on 20 January.
'Lost control of personal information'
"As cybersecurity threats and identity theft continue to rise, recent polls show that nine in 10 Americans feel they have in some way lost control of their personal information — and that can lead to less interaction with technology, less innovation and a less productive economy," according to a White House briefing document on the proposed legislation that the New York Times was shown.
As well as protecting consumer data, Obama is also keen to protect data collected by companies in the education sector. The president will propose a ban on selling student data collected by companies who provide hardware and software to schools and universities.
Companies claim the collection of data is to allow for more customised lessons for students but parent groups have raised worries that it could potentially be sold to third parties or used for targeted advertising.
© Copyright IBTimes 2024. All rights reserved.