President Proposes New Legislation To Protect Consumers’ And Students’ Data

President Obama speaking to an audience at the FTC on January 12, 2015.

President Obama speaking about cybersecurity and privacy to an audience at the FTC on January 12, 2015.

From hacks and data breaches to identity theft and good old-fashioned money theft, crime and privacy in the digital world are shaping up to be the big buzzwords of 2015. Protecting consumers from harms like retail and website hacks is one of the bigger, newer challenges facing the feds going forward. Today, President Obama outlined his proposals for some laws that could help protect American consumers online.

The President delivered his proposals in remarks today at the Federal Trade Commission. Saying that cybersecurity “should not be a partisan issue,” President Obama put forth proposals for what he called “basic, common-sense, pragmatic steps that we all ought to be able to support.” They proposals fall into three key areas:

Responses to Data Breaches
Retail data breaches are, for the time being, basically inevitable. But the responses to them are all over the map. Some retailers spend not just days but weeks or even months quietly keeping news to themselves before notifying customers. Others say nothing at all. There is a patchwork of state-level laws requiring affected businesses to notify their customers in a certain window, but there is no nationwide, federal standard.

The proposed Personal Data Notification & Protection Act would tackle that particular gap. The proposal would “clarify and strengthen the obligations companies have to notify consumers when their personal notification has been exposed,” according to a White House fact sheet, including establishing a federal requirement for all companies to notify customers within 30 days of discovering a data breach has occurred.

The President also announced that Chase, Bank of America, and USAA were joining the ranks of banks providing free FICO credit scores to their cardholders (Discover began offering free FICO scores to their customers in 2014), as the CFPB has been urging for nearly a year. He called the free FICO scores “an early warning system telling you if you’ve been hit be fraud,” so that consumers can do something about it sooner rather than later.

Consumer Data Privacy Rights
Citing a poll finding that 9 in 10 Americans feel they have lost control over their personal data, the President said that consumers have a fundamental right to control not only what information companies can collect from them, but also how it is used. Data collected by Company A for one reason should not be able then to be sold or traded to Company B for another reason without a consumer’s permission.

Those tenets, and other “basic baselines across industries,” will form the backbone of the Consumer Privacy Bill of Rights that the administration plans to introduce to Congress.

If the Consumer Privacy Bill of Rights sounds familiar, that’s because this isn’t the White House’s first try. The Obama administration first proposed it in February, 2012 but in the nearly three years since then it hasn’t really gone anywhere. Last year, on the two-year anniversary of the proposal, consumer and civil liberties advocates called on the White House to make the law happen. Congress, however, made no move to act on the earlier proposal.

Student Privacy
And finally, in the “won’t somebody think of the children” department, the White House proposed a set of privacy regulations specifically aimed at educational software and childrens’ data.

While software aimed at children is already subject to some regulations, President Obama expressed concern about the way that educational software companies can use data collected by programs used by schools and teachers. The proposed Student Digital Privacy Act would make it so that companies could not sell student data to third parties for targeted advertising or “any purposes other than education.”

The White House has made a fact sheet covering today’s proposals available on their website. More details about the proposed bills will come out next month, after President Obama makes the need for better cybersecurity protections one of the major themes of his annual State of the Union address on January 20.