Obama proposes new privacy laws, including mandatory data breach warnings

Ahead of the State of the Union later this month, the president's proposed laws aim to force companies to disclose hacks and breaches inside a month.
Written by Zack Whittaker, Contributor
President Obama speaks at the FTC ahead of the State of the Union
(Image: live video)

President Obama unveiled Monday proposed laws aimed at protecting Americans' data, after a turbulent year in cybersecurity and data protection.

The three new proposed laws, announced ahead of the president's State of the Union address later this month, land in the aftermath of a year of high-profile hacks and data breaches which affected millions of Americans.

Among the proposals, Obama announced a new federal standard -- dubbed the Personal Data Notification and Protection Act, which would require companies to tell their customers within 30 days from the discovery of a data breach that their information had been compromised.

The White House said on Sunday the draft law aims to replace dozens of state laws, which the president explained do not adequately protect Americans' rights.

Congress, which failed during its last session to address the issue on a federal level, will need to approve the law.

Last year, JP Morgan, Target, and the US Postal Service -- among others -- contributed to the disclosure of hundreds of millions of records in a series of high-profile hacks and data breaches.

The president also announced during his Monday speech that he will resurrect the "Consumer Privacy Bill of Rights" which he announced during the last few months of his first term in office. The privacy bill, which Obama also asked Congress to codify into law, aims to give Internet users the right to control what data is collected and how their data is shared.

A third proposed law, the Student Data Privacy Act, will prohibit tech companies from profiting from data collected on students in schools, amid an increasing drive to bring technology to the classroom.

Apple and Microsoft are on a list of 75 companies that signed a pledge to protect student data.

Consumer and privacy groups have not yet been briefed on the president's proposals, according to The New York Times, but White House officials said they do not anticipate "fierce opposition."

That said, Marc Rotenberg, president of the Electronic Privacy Information Center, told the Times he favored the disclosure of data breaches sooner than 30 days.

Editorial standards