“If we’re going to be connected, we’ve got to be protected.” With those words President Barack Obama unveiled new consumer privacy legislation and new cybersecurity and privacy partnerships between the federal government and the private sector at the Federal Trade Commission (FTC) on January 12, 2015. The president recognized that the growing problem of cyber-attacks costs the U.S. billions of dollars, and stated that cybersecurity incidents were “…a direct threat to the economic security of American families, and we’ve got to stop it.”
The president’s new security initiatives include:
Initiatives to Improve Consumer Confidence and Fight Identity Theft
Initiatives to Safeguard Student Data in the Classroom and Beyond
Convening the Public and Private Sector to Tackle Emerging Privacy Issues
Promoting Innovation by Improving Consumers’ Confidence Online
The president will discuss his new proposed measures in more detail during the State of the Union address. The new initiatives build on the president’s previously announced consumer privacy and anti-identity theft proposals that include the BuySecure Initiative, which requires the use of chip and PIN technology in government credit cards and for federal agency facilities to update transaction terminals to use this technology, and new steps by the government to detect identity theft and help identity theft victims.
Impact on Business
The new laws would impose significant new restrictions on businesses’ use of student information, as well as restrict the collection, use, and disclosure of consumer information. Businesses should minimize the amount and type of data they collect to only what is necessary to perform the service they provide. Businesses may also begin to receive queries from consumers and business partners if they have adopted and comply with the applicable voluntary privacy practices.
It is unclear if and when Congress will act on the new bills – Congress has either stalled or rejected previous cybersecurity bills. The new breach notification law, if enacted, will set a standard notification period for businesses that suffer a security breach that exposes personal information and will significantly simplify businesses’ efforts to comply with the various time periods set forth in each state’s breach notification law. In the past, the challenge to passing a federal breach notification law was whether the law would preempt stricter state laws. While businesses are hoping for a single standard, privacy advocates are pushing to keep stricter state laws intact.
Additional information on these initiatives is available on the White House website.
Legal News Alert is part of our ongoing commitment to providing up-to-the-minute information about pressing concerns or industry issues affecting our clients and our colleagues. If you have any questions about this update or would like to discuss this topic further, please contact your Foley attorney or the following:
Chanley T. Howell
Steven M. Millendorf
San Diego, California
Let’s Talk Compliance | Provider Relief Fund: Reporting Requirements and Compliance Concerns