This blog post has been cross posted from the High Technology Section Blog.
By Megan Baca, CIPP/US, and Georgina Jones Suzuki, CIPP/US
Ropes & Gray LLP
Last Tuesday in his State of the Union address, President Obama indicated that one of his priorities this year will be cybersecurity – in particular, legislation to meet the evolving threat of cyber-attacks, combat identity theft, and protect children’s privacy. The President intends to introduce a Personal Data Notification & Protection Act, to replace the patchwork of state laws governing data breach notification with a national standard that would require companies to report a data breach to customers within 30 days. The legislation would also criminalize overseas trade in stolen identities. The White House will also introduce a revised Consumer Privacy Bill of Rights, building on its 2012 proposal which has since received input from the Department of Commerce. Another key legislative goal will be a Student Digital Privacy Act, aimed at preventing companies from selling student data to third parties for purposes unrelated to education, such as targeted advertising. This bill will be modeled after a California statute enacted last year, the Student Online Personal Information Act. In addition, the White House has updated a legislative proposal to promote the sharing of cyber threat information between the private sector and government.
Cybersecurity laws are more likely to see bipartisan support in Congress, especially compared to other polarizing issues. However, the specific form of any legislative proposal will affect such bill’s prospect for Congressional passage. We may have a glimpse very soon into what such legislation may look like, as a House Energy & Commerce subcommittee will hold a hearing on data breach legislation on January 27. More information about these White House proposals is available here and here.