In a speech before the Federal Trade Commission on Monday, President Obama called for new federal legislation intended to protect private customer data in the event of business hackings, and also to prevent technology companies from exploiting the ever-growing amount of data they collect from students as schools become more technology-dependent.
Obama said that various forms of online attack cost the U.S. economy “billions of dollars” each year, and called this “a direct threat to the economic security of American families … If were going to be connected, we've got to be protected.”
Ironically – or perhaps not – while Obama gave this speech, hackers apparently breached the Twitter and YouTube accounts of the U.S. Central Command, temporarily flooding both accounts with messages supporting ISIS terrorists.
The president's proposed Personal Data Notification and Protection Act would, among other things, require companies to inform customers within 30 days of the companies' discovering that customer data has been hacked. The proposed Student Data Privacy Act would make it illegal for tech firms to profit from any student information they collect in schools.
Might be too lax
Thus far, Obama hasn't unveiled the exact details of these proposals, yet some observers fear they might be too lax. For example, 48 out of 50 states already have state-level laws governing how companies must inform customers of a data breach – and some of those state laws are even stricter than Obama's proposed 30-day notification window. Mark Rotenberg, president of the Electronic Privacy Information Center, told the New York Times that he fears a 30-day federal law might pre-empt stronger state laws already in play.
But until the president releases more information, it's still too early to tell. Obama's annual State of the Union speech is next week, and observers think cybersecurity is going to be one of its themes; to that end, Obama and his press office have been dropping “spoilers” regarding upcoming legislative proposals.
As NetworkWorld's TechWatch blog observed: “mentioning anything tech-related in the State of the Union is completely unprecedented — but so is the threat.”