Security Hacking Stories

The Obama Administration Introducing Legislation for Breach Notification

The Obama Administration Introducing Legislation To Implement Breach Notification and Fight Identity Theft

President Obama introduces the Data Breach Legislation.

When a Security breach strikes an organization (such as we have seen with the recent attacks on Home Depot and Target), very often it is the customer who is last to find out that they have been a victim of Identity Theft. Then, people question why the Security hacks occurred in the first place, and why the customer was not notified as soon as the breach was discovered.

It seems that President Barack Obama is now stepping in, and offering legislation to protect the American consumer. In a speech given to the Federal Trade Commission (FTC), the President outlined his plans, which would compel businesses and organizations to be much more forthcoming about Security breaches. Also, these entities would be required to notify customers within 30 days if their financial or personal information was compromised in any way.

But what is different about this legislation is that the President is attempting to replace the ‘patchwork’ of State laws with one cohesive federal legislative framework. Here is a direct quote from President Obama's speech on this point:

“We're introducing new legislation to create a single strong national standard so Americans know when their information has been stolen or misused. Right now almost every state has a different law on this and it's confusing for consumers and it's confusing for companies - and it's costly too, to have to comply with this patchwork of laws.”

(SOURCE: https://nakedsecurity.sophos.com/2015/01/13/barack-obama-calls-for-stricter-data-privacy-disclosure-laws/ and http://www.govinfosecurity.com/obama-seeks-to-nationalize-breach-notification-a-7774).

For an overview of the complexity of the varying laws regarding Security breaches and Identity Theft across all of the 50 states, click here:


More information about the Breach Notification bill of 2011 can be found here - http://www.govinfosecurity.com/obama-offers-breach-notification-bill-a-3637


The Components of the Legislation

If passed, this new legislation would be entitled the ‘Personal Data Notification and Protection Act’.  There are specific components to it, which are detailed as follows:

Identity Theft Protection:

Under this, the largest US financial organizations, such as JPMorganChase, the Bank of America, the Fair Isaac Corporation (more commonly known as ‘FICO’), the USAA and State Employee’s Credit Union, and Ally Financial will make credit reports free to their respective customers.  As a result of this, more than 50% of adult Americans will now be able to access their credit scores very quickly, and spot any hints of Identity Theft.


The Student Digital Privacy Act:

This legislative proposal is designed to ensure that any data collected from students will stay only in the educational environment, and will not be used for any other purpose. The model for this stems from the White House-based ‘Big Data and Privacy Review’, released some time ago. This report mandated that student information could not be sold to any third party, and prevents targeted advertising to students. So far, a total of 75 companies have advocated this new proposal, led by the Future of Privacy Forum, and the Software & Information Industry Association.

The Voluntary Code of Conduct for Smart Grid Customer Data Privacy:

Under this ‘Code of Conduct’, the Department of Energy and the Federal Smart Grid Task Force are gearing up to protect the data of utility customers.  Included in this is the confidentiality of energy usage information, as well as increasing consumer awareness.


The Consumer Privacy Bill of Rights Legislation:

With this piece of legislation, all information garnered from online transactions conducted by the American consumer will not be released to any third party. Also, the consumer will be assured that their expectations of their right to privacy will not be abused in any manner.


The BuySecure Initiative:

This policy directive will help to make payments made by federal government employees more secure.  This will be achieved by using new Smart Card technology, and upgrading Point of Sale (POS) terminals located at federal agency facilities to accept these cards.  Walmart and Walgreens have also been instrumental in crafting this piece of legislation.

It should be noted that this is not the first time the Obama Administration has introduced legislation to help protect the American consumer from Identity Theft and Cyber related threats. The last piece of legislation was sent to the House and Senate back in 2011, but it never came up for a vote.

Are Smart Cards the Answer? I think not, but it will delay the issues for some, and get first adopters to be the new guinea pigs for the technology. With that being said, consumers should use their buying power to shop where they feel the most comfortable with what companies are doing to improve their security.