White House Pushes for Privacy and Data Hacking Laws
By Dan Heilman / CRM Daily
Published: January 12, 2015

President Barack Obama on Monday called on Congress to enact federal legislation that would force American companies to be more forthcoming with information and updates when credit card data and other consumer information are stolen in online breaches.

The move follows high-profile breaches at retailers and other companies last year including Target, Sony, Home Depot and Neiman Marcus.

In addition to the customer notification legislation, Obama will also ask lawmakers to pass the Student Digital Privacy Act. The measure would prohibit companies from selling student data to third parties, a move spurred by the increased use of technology in schools that can scoop up personal information.

One National Standard

The Personal Data Notification and Protection Act would create a single, national standard that would obligate companies to inform their customers within 30 days after discovering their data has been hacked. The proposed act was announced by Obama Monday during a speech at the Federal Trade Commission (FTC).

Obama said that the current assortment of state laws covering hacking incidents does not sufficiently protect Americans and is a burden for companies that do business across the country. The president's proposals are part of a weeklong focus on privacy and security ahead of next week's State of the Union address.

If passed by Congress, the Personal Data Notification and Protection Act could require companies located in the United States to notify customers within 30 days after their personal information has been compromised. Recent hackings have exposed the lack of uniform practices for alerting customers in the event of a breach. The legislation, which would be partly based on an existing statute in California, would also make it a crime to sell customers' identities overseas.

"As cybersecurity threats and identity theft continue to rise, recent polls show that nine in 10 Americans feel they have in some way lost control of their personal information -- and that can lead to less interaction with technology, less innovation and a less productive economy," according to a White House briefing document on the proposed legislation.

30-Day Shot Clock

We reached out to Rick Holland, principal analyst, Security & Risk Management, at Forrester, who told us that many companies don't provide breach notification unless they are compelled to do so via regulatory means. He said that Obama's proposal would address that issue.

"It would also reduce the extreme complexity of domestic breach notification laws," Holland told us. "There are entire consulting practices around helping companies understand who, what and how they must provide breach notification. A national breach notification law with a high-water mark would be a good step towards better protecting consumers."

Under the proposed law, the discovery of a breach would trigger a 30-day "shot clock" that requires notification of customers and clarifies when breaches must be disclosed. The FTC would have the power to issue penalties to companies that did not comply.

"One downside of a 30-day shot clock is that often times incident response activities are still continuing and required notification could tip off the adversary that the company is investigating the intrusion," Holland said. "This, however, is more likely to benefit the company versus the consumer."

It's unclear whether the new Republican-led Congress will take up either of Obama's legislative proposals or whether policy disputes in other areas could delay congressional action on the proposals.
