Data Security and Privacy Issues Are Top Priority in State of the Union Address

A special to USLAW NETWORK and USLAW DigiKnow

By Karen Painter Randall, Connell Foley LLP, Roseland, New Jersey

In the lead-up to the annual State of the Union Address, President Obama has made clear that cyber security and privacy are top issues facing the country today calling for the need to enact legislation to combat this growing threat in 2015.

Recently, the President spoke at the Federal Trade Commission and National Cyber Security and Communications Integration Center about his plan to enact legislation for the protection of American consumers from identity theft, as well as to adopt better privacy legislation.  The following are some of the highlights of his proposed plan:

• • Federal Standard for Data Breach Notification

 

The proposed Personal Data Notification & Protection Act would require companies to notify customers when their personal information has been exposed, including establishing a 30-day notification requirement from the discovery of a breach, while providing companies with the certainty of a single, national standard.  Currently, almost every state has a different law as to breach notification, making it both confusing and costly for consumers and companies to comply.

• • Making Credit Scores Available to Customers

 

The President stated under the new law, JPMorgan Chase and Bank of America, the USAA and State Employees’ Credit Union, and Ally Financial must make credit scores available to customers free of charge to help prevent and/or spot identity theft.

• • Consumer Privacy Bill of Rights/Student Digital Privacy Act

 

The President announced the introduction of a Consumer Privacy Bill of Rights, which will allow consumers the right to decide what personal data companies collect from them and how companies use that data; the right to know that their personal information collected for one purpose cannot then be misused by a company for a different purpose; and the right to have their information stored securely by companies that are accountable for its use.  The President also revealed the introduction of the Student Digital Privacy Act, which will make sure that data collected in the educational context, is used only for educational purposes. These companies would be prevented from selling student data to third parties and using the information for targeted advertising.

• • Sharing of Information by Private Sector Businesses

 

The President intends to introduce cyber security legislation that will encourage private sector companies to share cyber threat information with the Department of Homeland Security’s National Cyber Security and Communications Integration Center (NCCIC), which in turn will share with relevant federal agencies and the private sector. The legislation would also protect from liability a company that participates in same, as well as encourage private-sector businesses to share this information among them, while protecting the privacy of its customers by removing their unnecessary personal identifiable information.

• • Modernizing Law Enforcement

 

The President announced a push towards modernizing law enforcement authorities to combat cybercrime.  The Administration’s proposal contains provisions that would allow for the prosecution of the sale of botnets, would criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and would give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity.

While cyber-attacks and data breaches have been a serious threat for years affecting both consumers and the corporate world alike, the recent cyber-attack on Sony Entertainment Pictures, has garnered much attention thrusting the issues to the forefront of mainstream media. Ultimately, it will be important to monitor President Obama’s 2015 legislative agenda to determine what impact, if any, it will have on cyber security and privacy issues facing clients today.