In the wake of high-profile data breaches, President Obama proposed legislation to require companies to notify customers within 30 days of discovering that their personal information was exposed to hackers.
The initiative was one of several data protection measures that Obama said Monday he would present to Congress in his State of the Union address next week.
Pointing to what he called a “landmark” California law, Obama also said that federal protection is needed for information collected from students, who increasingly are using computers, tablets and other electronic devices in the classroom.
The California law, enacted last year, prevents companies from selling student data to third-party firms for purposes unrelated to education, such as sending them targeted advertising.
Obama said Monday that the recent hacking at Sony Pictures Entertainment and data breaches at major retailers showed the “enormous vulnerabilities” of the nation and the economy to cyberattacks. Among major retailers hit by large data breaches were Target Corp. and Home Depot Inc.
“This is a direct threat to the economic security of American families, and we’ve got to stop it,” Obama said in a speech at the Federal Trade Commission, which enforces privacy laws. “If we are going to be connected, then we need to be protected.”
As if to demonstrate the vulnerabilities of digital information, hackers breached the Twitter and the YouTube accounts of the U.S. military’s Central Command, which oversees the war against Islamic State militants in Iraq and Syria, according to the Pentagon.
The cyberattack, which sent out threats to American soldiers, took place at about the same time Obama was speaking.
The president’s initiatives come as he focuses this week on technology issues to be included in his State of the Union address next Tuesday, including strengthening cybersecurity and increasing Internet access.
Obama said privacy and data security are not partisan issues, and he hoped that Republicans in Congress would agree to pass new laws. Key GOP lawmakers said they would work with Obama to address digital privacy.
The White House said the president’s proposal in what is called the Personal Data Notification and Protection Act would “help bring peace of mind to tens of millions of Americans whose personal and financial information has been compromised in a data breach.”
Obama said the proposal to require customer notification of such breaches within 30 days would “create a single, strong national standard” so consumers know when their information is stolen and make it easier for companies to deal with such hacks.
A patchwork of state laws govern data-breach notification, including some that are tougher than what Obama proposed.
California, for example, requires that a company notify customers when it discovers their information has been acquired by unauthorized parties. The company must make the notification “in the most expedient time possible, without unreasonable delay,” a standard many states have.
“California’s been on the front line of strong consumer privacy legislation, and one of the very real consequences of a national bill could be preemption” of the state’s requirements, said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a privacy advocacy group in Washington.
“Thirty days is too long,” he said. “If your wallet goes missing, you’re not going to wait 30 days to figure out where it is.”
Rotenberg recommended that the federal 30-day limit be a basic requirement and that states be allowed to mandate earlier notification. It was unclear if Obama’s proposal would allow states to have tougher requirements, and a White House spokesman did not respond to a request for comment.
Rotenberg said most of Obama’s proposals were “very good” and praised his call for Congress to enact a Consumer Privacy Bill of Rights. The Commerce Department is drafting the specifics in a process that began in 2012.
The White House also said that two of the nation’s largest banks, JPMorgan Chase & Co. and Bank of America Corp., would join other financial firms in making credit scores available for free to their credit and debit card customers.
Obama said credit scores are “like an early-warning system telling you that you’ve been hit by fraud.”