Tuesday, January 13, 2015

Obama proposal: Hacked companies have 30 days to fess up

By Jose Pagliery 
January 12 2015
CNNMoney

In a State of the Union preview, President Obama on Monday demanded quicker confessions from companies that lose your data as well as better privacy for students.

One proposed law would give a company 30 days to let you know if your personal information--such as your address or Social Security number--has been exposed by hackers or careless employees.

The Personal Data Notification & Protection Act is an attempt at a nationwide, uniform rule. Right now, there are 47 different state laws that govern data breaches. Depending on the situation, people in some states get notified, while others are left in the dark. It's a mess.

Data breaches are increasingly common. Last year, hackers broke into Home Depot, Albertson's and so many others that CNN developed its own tool: "What hackers know about you."

The president's other proposed law, the Student Digital Privacy Act, is meant to stop the sale of sensitive student data for non-education purposes. Now that students routinely use laptops, tablets, and computer programs at school, lots of that data is being collected--and sometimes sold to advertisers and financial companies.

The fear? That information might be used by money lenders to prey on students--or by colleges or future employers to judge students unfairly. 

"Parents have a legitimate concern about these kinds of practices," Obama said at a midday speech Monday before the Federal Trade Commission. "Our children are growing up in cyberspace."

The president also endorsed the "student privacy pledge", already signed by 75 firms including Apple and Microsoft. It's a promise by companies to only use student data collected at school for education purposes, not observe behavior to target advertisements and not keep data for long. 

Obama said any companies that provide school services and don't sign the pledge will be singled out and censured. 

The president also called for a "consumer privacy bill of rights" that gives consumers the ability to decide what personal data is collected and how it's used. He tried this in 2012, but the idea failed to take off. 

"This should not be a partisan issue. It's one of those new challenges our modern society and crosses our old divides," he said. "We pioneered the Internet, but we also pioneered the Bill of Rights and the sense that each of us as individuals have a sphere of privacy around us that should not be breached."

The administration cited a recent poll that showed 91% of Americans feel they've lost control of their personal information. Last year was so riddled with cyber break-ins that, early on, half of American adults had their personal information exposed.

"The more we protect consumer data, the harder it is for hackers to damage our businesses and hurt our economy," Obama said.

Other privacy and security bills

The national consciousness for cybersecurity peaked with the Sony hack over the holidays.

As a result, expect to hear a lot more about privacy and cybersecurity from politicians in 2015. Some in Congress are trying to revive a controversial cybersecurity bill that increases information sharing between companies and government to stop hackers.

The nameless bill, H.R. 234, was introduced to the House of Representatives on Friday by C. A. Dutch Ruppersberger, a Democrat from Maryland.

It's essentially another go at the Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House in 2012, but got knocked down in the Senate.

The idea is to provide basic rules to develop closer bonds between law enforcement and all types of companies: banks, energy providers, retailers, etc.

When hackers attack an industry, companies already share some information. But they often hold back data, afraid to give competitors an edge or admit they were hacked. Also, the tips they get from the FBI and Department of Homeland Security are late and vague, because few companies have permission to know "classified" government secrets.

This proposed law would protect firms from lawsuits related to this kind of data sharing and make them government insiders. But these ideas scare privacy advocates, because they could be used as a blanket excuse for snooping on your personal life. That's why President Obama threatened to veto it the first time around.
