White House Outlines New Cybersecurity Initiatives
Ahead of President Barack Obama's visit to the Federal Trade Commission on Monday, the White House released details about privacy and cybersecurity proposals Obama will discuss there and in his State of the Union speech on Jan. 20.
Here are the biggest takeaways:
Among proposed legislation is the Personal Data Notification & Protection Act, which would require companies that have a data breach to notify customers within 30 days of its discovery. The act would also criminalize “illicit overseas trade in identities.”
The announcement also name-checks Bank of America, JPMorganChase, USAA, State Employees' Credit Union, and Ally Financial for their efforts to expand consumers' access to their credit scores, which can be used as a monitoring tool for identity theft.
Another new proposal is the Student Digital Privacy Act, which would require that data gathered about students through educational programs can be used only in an educational context, not sold to third parties—a measure modeled after a California statute.
In addition, 75 companies have signed a pledge to protect students from having their data used inappropriately, the White House said. The Department of Education's Privacy Technical Assurance Center will also put out a "model terms of service” relating to educational data and its use.
The Department of Energy and the Federal Smart Grid Task Force are putting out a “voluntary code of conduct” for utilities providers and third-party companies that will serve to protect consumer data about energy use, the White House said.
Bill of rights
The president will push for provisions of the 2012 Consumer Privacy Bill of Rights, which lays out principles for online data collection, to be made into a law. A revised legislative proposal with draft legislation is coming in the next 45 days, the White House said.