Today, President Obama announced a series of new bills and voluntary partnerships the White House will launch in order to further protect individual privacy in the wake of several high-profile data breaches at major U.S. and multinational companies. Speaking at the Federal Trade Commission, the president announced that the White House will send Congress two pieces of proposed legislation in the coming weeks.
The first, dubbed the “Personal Data Notification and Protection Act” would create a single, national standard for notifying impacted consumers of a data breach at a private company. The draft legislation would require companies to notify customers within 30 days of the discovery of a breach. The legislation would likely preempt the patchwork of a multitude of state laws pertaining to breach notification. While business interests will likely greet the announcement favorably, several privacy groups are worried that the draft bill could create a weaker standard than is already in place in several states, while not allowing states to enact or retain stronger standards. The bill would also criminalize illicit overseas trade in identities.
President Obama also announced the release of the “Student Data Privacy Act,” draft legislation intended to protect student data as schools and teachers adopt newer technologies into the classroom. The draft bill would prohibit private companies from profiting via the sale or use of student data collected in schools, especially for use by third parties for targeted advertising. The president highlighted previous commitments by 75 companies who have pledged to protect student privacy and challenged other companies to do so as well. Going further, he announced that the White House will also issue a forthcoming model terms of service for education technology, as well as teacher training assistance that will seek to ensure that educational data is used appropriately and in accordance with educational missions.
The president’s announcements today kick off a week-long focus on privacy and data security, including a visit to the National Cybersecurity and Communications Integration Center on Friday, all leading up to his annual State of the Union Address to Congress on January 20, 2015. In addition to the release of the two draft bills, the president also touted new, voluntary agreements by several companies, including Bank of America, JP Morgan Chase, and the Fair Isaac Corporation to make personal credit scores available for free to their customers. The White House believes easier and free access to credit scores will help serve as an “early warning system” for consumers to spot and remedy cases of identity theft.
Additionally, the president announced the release of the Department of Energy and the Federal Smart Grid Task Force’s voluntary code of conduct to protect data about consumers' electricity use collected by smart grid technology. The code is based on a year of work by the Energy Department and the Federal Smart Grid Task Force, in consultation with industry, privacy advocates and the public. He also renewed his call for a bill that establishes a baseline consumer privacy bill of rights, which the White House released in 2012. The White House plans to release a revised proposal based on the Commerce Department’s consultation with the public within the next 45 days. The president’s initiatives today build on actions he took last October, including an executive action to roll out a program called BuySecure to improve government payment security, and enhancement of identitytheft.gov, a consumer website managed by the Federal Trade Commission.
Congressional Republicans’ responses to the president’s announcements have been positive. Reps. Fred Upton (R-MI) and Michael Burgess (R-TX) — chairmen of the House Energy and Commerce Committee and subcommittee on trade, respectively — both stated that they welcomed the president’s actions and focus on privacy and cybersecurity. Senate Commerce Committee Chairman John Thune (R-SD) also applauded President Obama’s input on cybersecurity ahead of presidential Hill meetings to be held on Tuesday, January 13, 2015.
Correction: an earlier version of this post stated the President would be visiting the NCCIC on Friday, January 16, 2015. The President will visit the center on Tuesday, January 13, 2015.