The President stated that his plan would function on a national level and would require companies to notify customers within 30 days after the theft of personal information is discovered. Currently most states have their own laws on how companies must proceed after a cyber breach. However, these laws are confusing when breaches target large enterprises like Anthem or Target, which operate nationwide and have customers and members in almost every state. Obama’s plan is to make a single, federal standard to deal with such breaches. Such a plan would also close loopholes that make it difficult to track cyber criminals overseas.
The proposal is called the Data Security and Breach Notification Act, and is being considered by the House Energy and Commerce Committee. However, critics say that this bill may not mean progress. Instead, privacy advocates are worried that the bill’s current form actually leaves consumers less protected than they are under state laws. In addition, it would also eliminate some national protections.
“Fifty-one states or territories have some sort of data protection legislation on the books — 38 would see the data protection breach notification diminished in some way because this is a preemption law,” said Representative Jan Schakowsky (D-Ill.).
Breach notification standards in the current proposal respond to actual or potential financial harms. Many states, however, have lower thresholds for notification, such as unauthorized access or potential non-financial risks.
The bill would also eliminate protections for consumer data regulating cable and telephone companies. These companies are required to notify consumers of any breach involving private information. Currently these regulations are enacted by the Federal Communications Commission, but the proposal would shift authority to the Federal Trade Commission.
While privacy advocates agree that a uniform national standard is necessary to protect consumers, they are opposed to policies that weaken protections already in place.
Representative Peter Welch (D-Vt.), one of the co-sponsors of the bill, responded to critics by saying that supporters of the legislation will ensure that such weaknesses will be dealt with. “We have been constantly working on the language to make sure that doesn’t happen,” he said.
Whether the proposal becomes law or not, it is important that every person take steps on the individual level to protect their personal information. Here are some tips if you ever find yourself the victim of a data breach:
- Contact the company that was hacked out and find out the extent of the damage and find out what information was stolen.
- Change your online passwords immediately to ensure that your accounts are protected.
- Let your bank and credit card company know about the breach and how your information has been affected.