Responding to the escalating threat of cyber-attacks, notably the high-profile breach and release of Sony’s internal documents, President Barack Obama on Monday proposed several new initiatives and legislative proposals intended to enhance data security, combat identity theft, secure utility company data, and protect student privacy rights.
The announcement, made at the headquarters of the Federal Trade Commission, will also be incorporated into the annual State of the Union Address. A breakdown of the proposals follows:
Personal Data Notification & Protection Act
This legislative proposal seeks to clarify and strengthen the obligations companies have to notify customers when their personal information has been exposed. It establishes a 30-day notification requirement from the discovery of a breach and criminalizes illicit overseas trade in identities.
Student Digital Privacy Act
This proposed bill, modeled on a California statute, builds upon the recommendations of the White House’s Big Data and Privacy review released earlier this year. It would prevent companies from selling student data to third parties for any purpose unrelated to educational reasons. It would also prohibit them from engaging in targeted advertising to students based on data collected in schools.
Code of Conduct for Smart Grid Customer Data
On Monday, the Department of Energy and the Federal Smart Grid Task Force released a new Voluntary Code of Conduct (VCC) for utilities and third parties aimed at protecting electricity customer data, including energy usage information. The Code reflects a year of expert and public consultation, including input from industry stakeholders, privacy experts, and the public. As companies begin to sign on, the VCC is intended to help improve consumer awareness, choice and consent, and controls on access.
Consumer Privacy Bill of Rights
That “online interactions should be governed by clear principles that look at the context in which data is collected and ensure that users’ expectations are not abused,” were key themes of the Obama Administration’s 2012 Consumer Privacy Bill of Rights. On Monday, the Commerce Department announced the completion of its public consultation on revised draft legislation. Within 45 days, the Administration will release a revised legislative proposal.
Secure Federal Payments
In October, as part of the White House’s BuySecure Initiative, the President issued an Executive Order presenting a new policy to secure payments to and from the Federal government by applying chip and PIN technology to newly issued and existing government credit cards, and upgrading retail payment card terminals at Federal agency facilities to accept chip and PIN-enabled cards. This accompanied an effort by major companies like Home Depot, Target, Walgreens, and Walmart to roll out secure chip and PIN-compatible card terminals in stores across the country.
Preventing Identity Theft
The White House also announced new efforts to assist victims of identity theft, including its support of the FTC’s development of a new one-stop resource for victims, IdentityTheft.gov, and expanding information sharing to ensure Federal investigators’ ability to regularly report evidence of stolen financial and other information to companies whose customers are directly affected.
It was also announced that JPMorgan Chase and Bank of America, in partnership with Fair Isaac Corporation (FICO), will join the list of firms making credit scores available for free to their consumer card customers. USAA and State Employees’ Credit Union will also offer free credit scores to their members, and Ally Financial will make credit scores available to auto loan customers. The additions mean that more than half of all adult Americans with credit scores will now have access to the tool to help spot identity theft.