President Obama made a speech at the Federal Trade Commission recently calling for federal data breach legislation. The proposed legislation, The Personal Data Notification & Protection Act, would create a unified standard, improving the current system of State-by-State laws that companies need to comply with:
“Right now, almost every state has a different law on this, and it’s confusing for consumers and it’s confusing for companies -- and it’s costly, too, to have to comply to this patchwork of laws. Sometimes, folks don’t even find out their credit card information has been stolen until they see charges on their bill, and then it’s too late,” Obama notes.
The new standard would require organizations to notify consumers of a breach within 30 days. The legislation would also make it possible to pursue criminals who steal and sell identities overseas.
The legislation was proposed within a broader set of mandates designed to safeguard American consumers. Obama also spoke to a Consumer Privacy Bill of Rights, legislation which would set forth basic protections and the right for consumers to say what and how their information is used.
There has been a push for national data breach legislation for many years and privacy advocates are optimistic that Presidential support will help push this legislation through. Past attempts to pass federal data breach notification legislation have all stalled. We don’t yet know the details of the proposed Personal Data Notification & Protection Act, but we will stay on top of the news to brief you of any updates.